Fortinet black logo

Quick Start

7.0.0
Copy Link
Copy Doc ID ad50e4c1-5cce-11eb-b9ad-00505692583a:369363
Download PDF

Quick Start

This section includes the following information to help you get started with using FortiSOAR MEA:

Enabling the FortiSOAR MEA

FortiAnalyzer provides access to a FortiSOAR MEA application that is released and signed by Fortinet.

Note

Only root users or users with sudo permissions can enable management extensions.

Enabling the FortiSOAR MEA using the FortiAnalyzer GUI

  1. Ensure you are using ADOM version 6.4 or later.
  2. Log on to FortiAnalyzer and navigate to Administration > System Settings > Management Extensions.
  3. Click the grayed-out tile for FortiSOAR MEA to enable the application.
  4. Click OK on the confirmation dialog to install and open the FortiSOAR MEA .
    Note: It may take some time to install the application. Also, note that on the first boot of FortiSOAR MEA, the Configuration Wizard runs automatically and performs the initial configuration steps for FortiSOAR MEA, such as enabling the embedded (default) Secure Message Exchange (SME), installing the trial license, etc. All of these steps take some time for completion.

Enabling the FortiSOAR MEA using the CLI

  1. Login to FortiAnalyzer using SSH.
  2. Enable the FortiSOAR MEA using the following commands:
    FAZ-VM64 # config system docker
    (docker) # set status enable
    (docker) # set fortisoar enable
    (docker) # end

You can check the status of the FortiSOAR MEA using the following command:
FAZ-VM64 # diagnose docker status

Once the FortiSOAR MEA extension is enabled, a trial FortiSOAR experience gets activated. For the trial mode, you do not require a license, a Trial(Extension) license is already included. The trial mode is limited by 2 users that can use FortiSOAR MEA for a maximum of 300 actions a day.

Also, by default, the IR Content Pack is installed. For more information on the IR Content Pack, see the FSR-IR-CONTENT-PACK article present in the Fortinet Knowledge Base.

Licensing FortiSOAR MEA

The FortiSOAR MEA is shipped with a Trial (Extension) license by default and you do not need to install any additional license to use FortiSOAR MEA on FortiAnalyzer. The trial mode is limited by 2 users that can use FortiSOAR MEA for a maximum of 300 actions a day.

Note

Important steps such as "Create Records", "Update Records", "Find Records", "Connection Actions", etc., are counted towards the maximum action count limit of 300. However, steps used for data manipulation such as "Wait", "Approval", "Loops", "Reference a Playbook", etc. are not counted towards the action count restriction.

For a more extensive usage without action count limit and to enable more users, you can update the trial license at any time to a FortiSOAR license. However, since the trial license is an "Enterprise" type license, you can only deploy a FortiSOAR license of type "Enterprise" using the FortiSOAR UI.

To update the Trial (Extenstion) license to a FortiSOAR license:

  1. Log onto FortiSOAR.
  2. Click Settings > License Manager to open the License Manager page as shown in the following image:

  3. To update your license, click Update License and either drag-and-drop your updated license or click and browse to the location where your license file is located, then select the file and click Open.

Accessing FortiSOAR MEA using SSH

If you SSH to FortiSOAR MEA on FortiAnalyzer for the first time, then you must accept the FortiSOAR MEA EULA. To accept the EULA on the FortiAnalyzer CLI, do the following:

  1. Login to FortiAnalyzer using SSH.
  2. Ensure that the FortiSOAR MEA Extensions is enabled. For more information, see Enabling the FortiSOAR MEA MEA using the CLI section.
  3. Get the FortiAnalyzer root prompt by running the execute shell command.
  4. Run the following command:
    docker exec -ti -u csadmin fortisoar_fortisoar_1 bash -l
    This command will ask you to accept the EULA. You must accept the EULA before you can proceed to the FortiSOAR MEA Configuration Wizard.
    After you accept the EULA and the Configuration Wizard is run, you can perform various operations on the FortiAnalyzer CLI such as checking the statuses of the FortiSOAR MEA using the FortiSOAR Admin CLI (csadm). For example, to check the status of services run the csadm services –-status command. For more information on 'csadm' see the see the FortiSOAR™ Administration Guide.

Backing up and restoring FortiSOAR MEA configurations

When FortiSOAR MEA is enabled, and you perform a backup of FortiAnalyzer using its UI, then the FortiSOAR MEA configurations also get backed up. You can then use these backed up configurations to restore the FortiSOAR MEA configuration.

Note

Only FortiSOAR MEA configurations are backed up, FortiSOAR MEA data is not backed up. To backup and restore both the configurations and data of FortiSOAR MEA, use the csadm db command. For more information, see the Backing up and Restoring FortiSOAR chapter in the "Administration Guide."

Quick Start

This section includes the following information to help you get started with using FortiSOAR MEA:

Enabling the FortiSOAR MEA

FortiAnalyzer provides access to a FortiSOAR MEA application that is released and signed by Fortinet.

Note

Only root users or users with sudo permissions can enable management extensions.

Enabling the FortiSOAR MEA using the FortiAnalyzer GUI

  1. Ensure you are using ADOM version 6.4 or later.
  2. Log on to FortiAnalyzer and navigate to Administration > System Settings > Management Extensions.
  3. Click the grayed-out tile for FortiSOAR MEA to enable the application.
  4. Click OK on the confirmation dialog to install and open the FortiSOAR MEA .
    Note: It may take some time to install the application. Also, note that on the first boot of FortiSOAR MEA, the Configuration Wizard runs automatically and performs the initial configuration steps for FortiSOAR MEA, such as enabling the embedded (default) Secure Message Exchange (SME), installing the trial license, etc. All of these steps take some time for completion.

Enabling the FortiSOAR MEA using the CLI

  1. Login to FortiAnalyzer using SSH.
  2. Enable the FortiSOAR MEA using the following commands:
    FAZ-VM64 # config system docker
    (docker) # set status enable
    (docker) # set fortisoar enable
    (docker) # end

You can check the status of the FortiSOAR MEA using the following command:
FAZ-VM64 # diagnose docker status

Once the FortiSOAR MEA extension is enabled, a trial FortiSOAR experience gets activated. For the trial mode, you do not require a license, a Trial(Extension) license is already included. The trial mode is limited by 2 users that can use FortiSOAR MEA for a maximum of 300 actions a day.

Also, by default, the IR Content Pack is installed. For more information on the IR Content Pack, see the FSR-IR-CONTENT-PACK article present in the Fortinet Knowledge Base.

Licensing FortiSOAR MEA

The FortiSOAR MEA is shipped with a Trial (Extension) license by default and you do not need to install any additional license to use FortiSOAR MEA on FortiAnalyzer. The trial mode is limited by 2 users that can use FortiSOAR MEA for a maximum of 300 actions a day.

Note

Important steps such as "Create Records", "Update Records", "Find Records", "Connection Actions", etc., are counted towards the maximum action count limit of 300. However, steps used for data manipulation such as "Wait", "Approval", "Loops", "Reference a Playbook", etc. are not counted towards the action count restriction.

For a more extensive usage without action count limit and to enable more users, you can update the trial license at any time to a FortiSOAR license. However, since the trial license is an "Enterprise" type license, you can only deploy a FortiSOAR license of type "Enterprise" using the FortiSOAR UI.

To update the Trial (Extenstion) license to a FortiSOAR license:

  1. Log onto FortiSOAR.
  2. Click Settings > License Manager to open the License Manager page as shown in the following image:

  3. To update your license, click Update License and either drag-and-drop your updated license or click and browse to the location where your license file is located, then select the file and click Open.

Accessing FortiSOAR MEA using SSH

If you SSH to FortiSOAR MEA on FortiAnalyzer for the first time, then you must accept the FortiSOAR MEA EULA. To accept the EULA on the FortiAnalyzer CLI, do the following:

  1. Login to FortiAnalyzer using SSH.
  2. Ensure that the FortiSOAR MEA Extensions is enabled. For more information, see Enabling the FortiSOAR MEA MEA using the CLI section.
  3. Get the FortiAnalyzer root prompt by running the execute shell command.
  4. Run the following command:
    docker exec -ti -u csadmin fortisoar_fortisoar_1 bash -l
    This command will ask you to accept the EULA. You must accept the EULA before you can proceed to the FortiSOAR MEA Configuration Wizard.
    After you accept the EULA and the Configuration Wizard is run, you can perform various operations on the FortiAnalyzer CLI such as checking the statuses of the FortiSOAR MEA using the FortiSOAR Admin CLI (csadm). For example, to check the status of services run the csadm services –-status command. For more information on 'csadm' see the see the FortiSOAR™ Administration Guide.

Backing up and restoring FortiSOAR MEA configurations

When FortiSOAR MEA is enabled, and you perform a backup of FortiAnalyzer using its UI, then the FortiSOAR MEA configurations also get backed up. You can then use these backed up configurations to restore the FortiSOAR MEA configuration.

Note

Only FortiSOAR MEA configurations are backed up, FortiSOAR MEA data is not backed up. To backup and restore both the configurations and data of FortiSOAR MEA, use the csadm db command. For more information, see the Backing up and Restoring FortiSOAR chapter in the "Administration Guide."