Administration Guide

Creating or editing Security Fabric connectors

You can create a Security Fabric connector on FortiAnalyzer for FortiClient EMS, FortiMail, and FortiCASB. Once configured, Security Fabric connectors enrich incident response related actions available in FortiSoC.

To create a Security Fabric connector:
  1. Go to Fabric View > Fabric > Connectors, and click Create New.

    The Create New Fabric Connector dialog is displayed.

  2. Under Security Fabric, click FortiClient EMS, FortiMail, or FortiCASB.
  3. In the Configuration tab, configure the following options for:

    FortiClient EMS

    Property                  Description
    Type                      Select FortiClient EMS or FortiClient EMS Cloud.
    Name                      Type a name for the Security Fabric connector.
    Description               (Optional) Type a description for the Security Fabric connector.
    FortiClient EMS:
      IP/FQDN                 Type the IP address or FQDN for the Security Fabric device.
      Username                Type the username for the Security Fabric device.
      Password                Type the password for the Security Fabric device.
    FortiClient EMS Cloud:
      Account ID              Type the account ID of the FortiClient EMS Cloud instance.
                              The FortiClient EMS must be v7.0 or later. After the FortiClient EMS Cloud connector is created, the connector's health-check sends an authentication request with SNI (the account ID) to the EMS instance. The authentication request from the FortiAnalyzer device must be approved in EMS: Administration > Fabric Devices. For more information, see FortiClient on the Fortinet Docs Library.
    Status                    Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.

    FortiMail

    Property                  Description
    Name                      Type a name for the Security Fabric connector.
    Description               (Optional) Type a description for the Security Fabric connector.
    IP/FQDN                   Type the IP address or FQDN for the Security Fabric device.
    Username                  Type the username for the Security Fabric device.
    Password                  Type the password for the Security Fabric device.
    Status                    Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.

    FortiCASB

    Property                  Description
    Name                      Type a name for the Security Fabric connector.
    Description               (Optional) Type a description for the Security Fabric connector.
    IP/FQDN                   Type the IP address or FQDN for the Security Fabric device.
                              Use the FortiCASB FQDN for your chosen server location. The server location is selected when creating your FortiCASB account. Use forticasb.com for global servers or eu.forticasb.com for EU-based servers.
    Account ID                Enter the credentials token used for authentication.
                              To create a FortiCASB credentials token, log in to FortiCASB with your account, go to Home > Manage Company > API Setting, and click Generate New. For more information, see FortiCASB on the Fortinet Docs Library.
    Status                    Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.
  4. Click the Actions tab to view the actions available with the Security Fabric connector, then click OK.

After the Security Fabric connector is created, playbooks configured in FortiSoC can use the connector to execute automated actions. For a list of connector actions available in FortiSoC playbooks, see Connectors.

Default playbooks are automatically created when configuring some Security Fabric connectors. For more information on playbooks in FortiSoC, see Playbooks.

To edit a Security Fabric connector:
  1. Go to Fabric View > Fabric > Connectors.
  2. Right-click a Security Fabric connector, and select Edit.

    The Edit Connectors dialog is displayed.

  3. Edit the settings, and click OK.
