Fortinet black logo

New Features

Home FortiAnalyzer 7.0.0 New Features

Attach FortiMail connector actions to incidents

7.0.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID 6dd8af04-513d-11eb-b9ad-00505692583a:673453
Download PDF

Attach FortiMail connector actions to incidents

This feature will help users to see the result of FortiMail playbook actions in the incident analysis page. Information can be found within the Indicators tab of the incident analysis page once added.

To use the action in a FortiSoC playbook:
  1. Go to Fabric View. Click Create New and choose FortiMail under the Security Fabric category. Configure the FortiMail connector settings, and click OK.

  2. Create a playbook to get email statistics and attach the data to an incident.
    Go to FortiSoC > Automation > Playbook, and create a new playbook from scratch. In this example, the playbook is called GetMailStats.
    1. Select the On_Demand trigger as the starter.
    2. Create a task using the FortiMail connector with the Get Email Statistics action.
    3. Create a second task using the local connector with the Attach Data to Incident action.
    4. Click OK to save the playbook.
  3. Create a second playbook to get the sender reputation and attach the data to an incident. In this example, the playbook is called GetSenderReputation.
    1. Select the On_Demand trigger as the starter.
    2. Create a task using the FortiMail connecter with the Get Sender Reputation action.

    3. Create a second task using the local connector with the Attach Data to Incident action.
    4. Click OK to save the playbook.
  4. Run the GetMailStats playbook to retrieve statistics for the provided email address. This example uses u2@test1.com.
  5. Run the GetSenderReputation playbook.
  6. Go to FortiSoC > Automation > Playbook Monitor to confirm that both playbooks completed successfully.
  7. Go to FortiSoC > Incidents. Right-click on the selected incident and select Analysis.
    In the Analysis page, select Indicators. The playbook action results are displayed.

    Click on the details for the u2@test1 email address. The detailed statistics are displayed.

    Click on the details for the 172.16.81.1 address. The detailed reputation is displayed.
Previous
Next

Attach FortiMail connector actions to incidents

This feature will help users to see the result of FortiMail playbook actions in the incident analysis page. Information can be found within the Indicators tab of the incident analysis page once added.

To use the action in a FortiSoC playbook:
  1. Go to Fabric View. Click Create New and choose FortiMail under the Security Fabric category. Configure the FortiMail connector settings, and click OK.

  2. Create a playbook to get email statistics and attach the data to an incident.
    Go to FortiSoC > Automation > Playbook, and create a new playbook from scratch. In this example, the playbook is called GetMailStats.
    1. Select the On_Demand trigger as the starter.
    2. Create a task using the FortiMail connector with the Get Email Statistics action.
    3. Create a second task using the local connector with the Attach Data to Incident action.
    4. Click OK to save the playbook.
  3. Create a second playbook to get the sender reputation and attach the data to an incident. In this example, the playbook is called GetSenderReputation.
    1. Select the On_Demand trigger as the starter.
    2. Create a task using the FortiMail connecter with the Get Sender Reputation action.

    3. Create a second task using the local connector with the Attach Data to Incident action.
    4. Click OK to save the playbook.
  4. Run the GetMailStats playbook to retrieve statistics for the provided email address. This example uses u2@test1.com.
  5. Run the GetSenderReputation playbook.
  6. Go to FortiSoC > Automation > Playbook Monitor to confirm that both playbooks completed successfully.
  7. Go to FortiSoC > Incidents. Right-click on the selected incident and select Analysis.
    In the Analysis page, select Indicators. The playbook action results are displayed.

    Click on the details for the u2@test1 email address. The detailed statistics are displayed.

    Click on the details for the 172.16.81.1 address. The detailed reputation is displayed.
Previous
Next