12-18-2021 04:27 AM
Hi all
So I can see on GitHub that there is a list from MS Sentinel that contains a lot of IPs that are trying to gain access for log4j...
The list gets updated all the time, but is there a way where I can make a security intelligence feed that keeps the list updated?
So I tried to make a list feed under Network Lists and Feeds - but I am getting an error 400 Bad request.
The link I am trying to feed is:
This is how I have made the Feed in my FMC:
This should be right if the feed can do CSV file feeds, correct?
Is there another way to fix this?
Frank
12-19-2021 01:53 PM
Hi,
I used the full URL and it seemed to work ok, i.e. no error msgs.
https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
Give it a try.
Merry Christmas.
12-19-2021 02:19 PM
Hi,
It is the same link as mine, right? I just made it short here in my question, and the picture only shows the first... But I will try again.
Frank
12-19-2021 02:30 PM
I believe so as I clicked on your link and the list popped up.
I then created a feed in my test FMC, running 7.1.0, and it worked first go.
I created a rule using the feed and that went through as well with no problems.
Cheers.
12-19-2021 11:52 PM
Hi @rhuysmans
Funny, tried it again and now it works.
Great stuff.. Thanks for your help mate.
Have a Merry Christmas
Frank