ThreatHive Integration Guide - FortiGate

Step-by-step guide to configuring the ThreatHive blocklist

Integration Steps

  1. Access the FortiGate Web Interface: Log in to your FortiGate firewall's web interface.
  2. Navigate to External Resources: Go to Security Fabric > External Connectors.
  3. Add a New Threat Feed: Click Create New to add a new external resource.
  4. Configure the Threat Feed:
    • Name: ThreatHive Blocklist
    • Type: IP Address
    • URL: https://threathive.net/hiveblocklist.txt
    • Authentication: None (no username or password required)
    • Update Method: Pull (FortiGate will periodically fetch the list)
    • Update Interval: Set to 15 minutes
  5. Save and Apply:
    • Click OK to save the configuration.
  6. Using the Threat Feed:
    • Firewall Policies: Use the feed's IP addresses in firewall policies to block or monitor traffic.
    • Logging and Monitoring: Monitor logs to confirm the feed is working and to identify false positives.
  7. Best Practices:
    • Test the Feed: Use a controlled environment to avoid blocking legitimate traffic.
    • Monitor Updates: Regularly check for updates and adjust intervals if necessary.
    • Combine with Other Feeds: Integrate additional feeds for better protection.
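
For the "Test the Feed" practice above, one way to vet a downloaded copy of the list before referencing it in a policy. This is an added example, not ThreatHive or Fortinet code; it assumes one IP, CIDR or start-end range per line with `#` comments, and the protected ranges, prefix thresholds and sample entries are constructed.

```python
import ipaddress

# Networks the feed must never match. RFC 1918, loopback and link-local are standard;
# 198.51.100.0/24 stands in for "your own public range" (constructed value).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "198.51.100.0/24", "::1/128", "fc00::/7")]
MIN_PREFIX = {4: 16, 6: 32}  # assumption: broader entries need human review

# Constructed sample, not real ThreatHive data (documentation address ranges).
SAMPLE_FEED = """\
# comment line
192.0.2.15
203.0.113.0/28
192.0.2.100-192.0.2.120
10.1.2.3
198.51.100.77
203.0.0.0/8
not-an-ip
2001:db8::/48
"""

def parse_entry(text):
    """Parse 'IP', 'IP/prefix' or 'start-end' into a list of networks."""
    if "-" in text:
        start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(text, strict=False)]

def audit_feed(feed_text, protected=PROTECTED):
    """Classify each feed line; returns {finding: [(line_number, entry), ...]}."""
    report = {"ok": [], "invalid": [], "too_broad": [], "hits_protected": []}
    for lineno, raw in enumerate(feed_text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            nets = parse_entry(entry)
        except (ValueError, TypeError):  # malformed, reversed or mixed-version range
            report["invalid"].append((lineno, entry))
            continue
        if any(n.version == p.version and n.overlaps(p) for n in nets for p in protected):
            report["hits_protected"].append((lineno, entry))  # would block your own traffic
        elif any(n.prefixlen < MIN_PREFIX[n.version] for n in nets):
            report["too_broad"].append((lineno, entry))
        else:
            report["ok"].append((lineno, entry))
    return report

if __name__ == "__main__":
    for finding, rows in audit_feed(SAMPLE_FEED).items():
        for lineno, entry in rows:
            print(f"{finding:15} line {lineno}: {entry}")
```

Any entry reported under `hits_protected`, `too_broad` or `invalid` is worth resolving before the feed is attached to a blocking policy.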