Threat Feeds Collections
Here I list and share threat feeds I collected over the years for FortiOS and other systems...
FortiGate can add threat feeds from external sources. This function significantly increases FortiGate's ability to catch and block threats in real time. According to the FortiOS Cookbook:
Threat feeds dynamically import an external block list from an HTTP server in the form of a text file. Block lists can be used to enforce special security requirements, such as long term policies to always block access to certain websites, or short term requirements to block access to known compromised locations. The lists are dynamically imported, so that any changes are immediately imported by FortiOS.
FortiOS supports four types of threat feeds:
FortiGuard Category
Example:
http://example/com.url
https://example.com/url
http://example.com:8080/url
IP Address
Example:
192.168.2.100
172.200.1.4/16
172.16.1.2/24
172.16.8.1-172.16.8.100
2001:0db8::eade:27ff:fe04:9a01/120
2001:0db8::eade:27ff:fe04:aa01-2001:0db8::eade:27ff:fe04:ab01
Domain Name
Example:
mail.*.example.com
*-special.example.com
www.*example.com
example.com
Malware Hash
Example:
292b2e6bb027cd4ff4d24e338f5c48de
dda37961870ce079defbf185eeeef905 Trojan-Ransom.Win32.Locky.abfl
3fa86717650a17d075d856a41b3874265f8e9eab Trojan-Ransom.Win32.Locky.abfl
c35f705df9e475305c0984b05991d444450809c35dd1d96106bb8e7128b9082f Trojan-Ransom.Win32.Locky.abfl
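The four entry formats above can be turned into a pre-flight check that is run over a downloaded feed file before a FortiGate is pointed at it, so that an HTML error page or a feed of the wrong type is caught early. This is an added example, not code from the original post or from Fortinet: the patterns are derived only from the sample entries shown above, and the names lint_feed and CHECKS, the feed-type keys, and the skipping of # comment lines are assumptions of this example.

```python
import ipaddress
import re

# Shapes taken from the example entries above; not FortiOS's own parser.
DOMAIN_RE = re.compile(r"^(?:[A-Za-z0-9*-]{1,63}\.)+[A-Za-z]{2,63}$")
HASH_RE = re.compile(r"^(?:[0-9A-Fa-f]{32}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})(?:\s+\S.*)?$")
URL_RE = re.compile(r"^https?://[A-Za-z0-9.-]+(?::\d{1,5})?(?:/\S*)?$")

def check_ip(line):
    """Single address, CIDR prefix, or start-end range, IPv4 or IPv6."""
    try:
        if "-" in line:
            start, end = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
            return start.version == end.version and start <= end
        # strict=False: the page's examples carry host bits (172.16.1.2/24)
        ipaddress.ip_network(line, strict=False)
        return True
    except ValueError:
        return False

# Hypothetical feed-type keys; a hash entry is a digest plus an optional name.
CHECKS = {"category": URL_RE.match, "address": check_ip,
          "domain": DOMAIN_RE.match, "malware": HASH_RE.match}

def lint_feed(text, feed_type):
    """Return (accepted, rejected); rejected holds (line_no, line) pairs."""
    check, good, bad = CHECKS[feed_type], [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: skip comment lines
            continue
        if check(line):
            good.append(line)
        else:
            bad.append((no, line))
    return good, bad

# Constructed sample: IP examples from the page plus three bad entries.
SAMPLE = """192.168.2.100
172.16.1.2/24
172.16.8.1-172.16.8.100
2001:0db8::eade:27ff:fe04:9a01/120
<html><body>503 Service Unavailable</body></html>
172.16.8.100-172.16.8.1
example.com
"""

if __name__ == "__main__":
    print(lint_feed(SAMPLE, "address"))
```

A feed with any rejected lines is worth reviewing by hand before it is published to the firewall, since a reversed range or a stray error page usually means the upstream source changed or failed.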
List of Threat Feeds
https://secureupdates.che..int.com/IP-list/TOR.txt
https://s3.us-east-2.amaz...om/ip-blacklist/ip.txt
http://rules.emergingthre...emerging-Block-IPs.txt
https://talosintelligence../documents/ip-blacklist
https://lists.blocklist.de/lists/all.txt
Blocklist Collection ¦ Firebog
https://www.team-cymru.com/blocklist
https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt













