Administration Guide

Connectors

Connectors displays automated playbook actions that can be performed using configured FortiSoC connectors.

Local (FortiAnalyzer), FortiOS, and FortiClient EMS connectors are supported.

To view FortiSoC connectors, go to FortiSoC > Automation > Connectors. The following information is displayed when a connector is configured:

Local and EMS connectors:

  • Name: The name of the action.
  • Description: A description of the action.
  • Parameter: The parameters that can be specified when configuring the action. Required parameters are listed with an asterisk.
  • Output: The output available with the action.

FOS connectors:

  • Automation Rule: The name of the automation rule created on FortiOS.
  • Automation Action: The action(s) that occur when the task is triggered.
  • Parameter: The parameters that can be specified when configuring the action. Required parameters are listed with an asterisk.

Local Connector

The local connector is the default connector for FortiAnalyzer. The local connector displays a set of predefined FortiAnalyzer actions to be used within playbooks.

EMS Connectors

FortiClient EMS connectors are configured at Fabric View > Fabric Connectors. See Creating or editing Security Fabric connectors.

EMS connector actions can be toggled on and off while editing the connector.

FortiOS Connector

The FortiOS connector is added after the first FortiGate has been authorized on an ADOM. Additional devices authorized to the ADOM are displayed as separate entries within the same connector. FortiOS connectors are available in FortiGate and Fabric ADOMs.

Enabling FortiOS actions

The actions available with FortiOS connectors are determined by automation rules configured on each FortiGate. Automation rules using the Incoming Webhook trigger must be created in FortiOS before they are shown as actions in FortiSoC. FortiOS automation rules are configured on FortiOS in Security Fabric > Automation. For information on creating FortiOS automation rules, see the FortiOS administration guide.

Rules for FortiOS actions:

  • Automation rules must use the Incoming Webhook trigger.
  • Automation rules are configured on FortiGate devices individually.
  • When multiple FortiOS connectors are configured, FortiAnalyzer decides which device to call based on the devid (serial number) identified in the task. FortiGate serial numbers can be manually entered or supplied by a preceding task.
  • Automation rules must have unique names to be displayed in the task's Action dropdown menu. Rules sharing the same name will appear only once, as they are considered to be the same automation rule configured on multiple FortiGate devices.
  • FortiOS automation rules are only displayed in FortiSoC when they are enabled in FortiOS.
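The rules above can be checked before a playbook relies on them. The following is an added example, not Fortinet code: it applies the listed rules to a constructed inventory of automation rules and flags same-named rules whose actions differ between FortiGate devices, since they would appear as a single action. The field names, serial numbers, and action labels are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory, one entry per automation rule per FortiGate.
# Field names, serials and action labels are hypothetical, not a FortiOS export format.
RULES = [
    {"devid": "FGT-SAMPLE-0001", "name": "Quarantine-Host",
     "trigger": "Incoming Webhook", "enabled": True, "actions": ["ip-ban"]},
    {"devid": "FGT-SAMPLE-0002", "name": "Quarantine-Host",
     "trigger": "Incoming Webhook", "enabled": True, "actions": ["email"]},
    {"devid": "FGT-SAMPLE-0001", "name": "Notify-SOC",
     "trigger": "Incoming Webhook", "enabled": True, "actions": ["email"]},
    {"devid": "FGT-SAMPLE-0002", "name": "Notify-SOC",
     "trigger": "Incoming Webhook", "enabled": False, "actions": ["email"]},
    {"devid": "FGT-SAMPLE-0002", "name": "Config-Backup",
     "trigger": "Schedule", "enabled": True, "actions": ["backup"]},
]

def visible(rule):
    """A rule is shown only if it uses the Incoming Webhook trigger and is enabled."""
    return rule["trigger"] == "Incoming Webhook" and rule["enabled"]

def action_menu(rules):
    """Action names as listed in the task dropdown: a shared name appears once."""
    return sorted({r["name"] for r in rules if visible(r)})

def devices_for(rules, name):
    """Serial numbers (devid) of the devices that expose the named rule."""
    return sorted(r["devid"] for r in rules if visible(r) and r["name"] == name)

def can_dispatch(rules, name, devid):
    """True if a task naming this devid targets a device that has the rule."""
    return devid in devices_for(rules, name)

def divergent_names(rules):
    """Shared names whose action lists differ from one device to another."""
    variants = defaultdict(set)
    for r in rules:
        if visible(r):
            variants[r["name"]].add(tuple(sorted(r["actions"])))
    return sorted(n for n, v in variants.items() if len(v) > 1)

def hidden(rules):
    """(devid, name) pairs that will not be shown as actions."""
    return sorted((r["devid"], r["name"]) for r in rules if not visible(r))

if __name__ == "__main__":
    print("menu:", action_menu(RULES))
    print("divergent:", divergent_names(RULES))
    print("hidden:", hidden(RULES))
```

A name reported by `divergent_names` is one action in the dropdown that does different things depending on the devid the task resolves to, so either rename one rule or align the actions on each device.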
