Creating or editing Security Fabric connectors
You can create a Security Fabric connector on FortiAnalyzer for FortiClient EMS, FortiMail, and FortiCASB. Once configured, Security Fabric connectors enrich incident response related actions available in FortiSoC.
To create a Security Fabric connector:
- Go to Fabric View > Fabric > Fabric Connectors, and click Create New.
The Create New Fabric Connector dialog is displayed.
- Under Security Fabric, click FortiClient EMS, FortiMail, or FortiCASB.
- In the Configuration tab, configure the following options for:
FortiClient EMS
Property
Description
Type
Select FortiClient EMS or FortiClient EMS Cloud.
Name Type a name for the Security Fabric connector. Description (Optional) Type a description for the Security Fabric connector. FortiClient EMS
IP/FQDN
Type the IP address or FQDN for the Security Fabric device.
Username
Type the username for the Security Fabric device.
Password
Type the password for the Security Fabric device.
FortiClient EMS Cloud
Account ID
Super users can type the account ID of the FortiClient EMS Cloud instance.
For non-super users, the field is automatically populated with the default account ID. The FortiAnalyzer device must be registered with FortiCloud to create and update the connector as a non-super user.
The FortiClient EMS must be v7.0 or later. After the FortiClient EMS Cloud connector is created, the connector's health-check sends an authentication request with SNI (the account ID) to the EMS instance. The authentication request from the FortiAnalyzer device must be approved in EMS: Administration > Fabric Devices. For more information, see FortiClient on the Fortinet Docs Library.
Status
Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.
FortiMail
Property
Description
Name Type a name for the Security Fabric connector. Description (Optional) Type a description for the Security Fabric connector. IP/FQDN Type the IP address or FQDN for the Security Fabric device.
Username
Type the username for the Security Fabric device.
Password
Type the password for the Security Fabric device.
Status Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector. FortiCASB
Property
Description
Name Type a name for the Security Fabric connector. Description (Optional) Type a description for the Security Fabric connector. IP/FQDN Type the IP address or FQDN for the Security Fabric device.
Use the FortiCASB FQDN for your chosen server location. The server location is selected when creating your FortiCASB account. Use
forticasb.com
for global servers oreu.forticasb.com
for EU based servers.Account ID
Enter the credentials token used for authentication.
To create a FortiCASB credentials token, log in to FortiCASB with your account, go to Home > Manage Company > API Setting, and click Generate New. For more information, see FortiCASB on the Fortinet Docs Library.
Status Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector. - Click the Actions tab to view the actions available with the Security Fabric connector, then click OK.
After the Security Fabric connector is created, playbooks configured in FortiSoC can use the connector to execute automated actions. For a list of connector actions available in FortiSoC playbooks, see Connectors.
Default playbooks are automatically created when configuring some Security Fabric connectors. For more information on playbooks in FortiSoC, see Playbooks.
To edit a Security Fabric connector:
- Go to Fabric View > Fabric > Connectors.
- Right-click a Security Fabric connector, and select Edit.
The Edit Connectors dialog is displayed.
- Edit the settings, and click OK.