Fortinet Document Library

Administration Guide

Creating or editing Security Fabric connectors

You can create a fabric connector on FortiAnalyzer for FortiClient EMS to execute EMS operations on endpoints.

Once configured, fabric connectors enrich incident response related actions available in Assets and FortiSoC.

To create an EMS connector:
  1. Go to Fabric View.
  2. Click the Fabric Connectors tab, then click Create New.
  3. Click the FortiClient EMS tile. The Create New Fabric Connector dialog opens.
  4. In the Configuration tab, configure the connector settings and click OK.

    | Property | Description |
    | --- | --- |
    | Name | Type a name for the fabric connector. |
    | Description | (Optional) Type a description for the fabric connector. |
    | IP\FQDN | Type the IP address or FQDN for FortiClient EMS. |
    | Username | Type the username for FortiClient EMS. |
    | Password | Type the password for FortiClient EMS. |
    | Status | Toggle On to enable the fabric connector. Toggle Off to disable the fabric connector. |
  5. Click the Actions tab and toggle the endpoint settings On or Off, then click OK.

    | Property | Description |
    | --- | --- |
    | GET_ENDPOINTS | Retrieve the list of endpoints and all related information to enrich the FortiAnalyzer asset and identity views. |
    | QUARANTINE | Quarantine an endpoint. |
    | UNQUARANTINE | Unquarantine an endpoint. |
    | GET_SOFTWARE_INVENTORY | Retrieve the list of software and apps installed on an endpoint to enrich the FortiAnalyzer asset view. |
    | VULN_SCAN | Run a vulnerability scan on endpoints. |
    | AV_QUICK_SCAN | Run a quick antivirus scan on endpoints. |
    | AV_FULL_SCAN | Run a full antivirus scan on endpoints. |
    | GET_PROCESSES | Retrieve the list of running processes on the endpoint's OS. |

After the fabric connector is created, FortiSoC can use the connector to execute operations on endpoints.

To edit a security fabric connector:
  1. Go to Fabric View > Fabric Connectors.
  2. Select an existing security fabric connector to edit.
  3. In the dropdown menu that appears below the connector name, modify the connector settings.
  4. Click OK.
