Administration Guide

Integrate Method settings

FGT-REST-API

Compatible FortiGate version: 6.0.4 or later

IP

IP address of the integrated device.

Port

Port number of the integrated device API service. Default is 8443.

Username

Username of the integrated device.

Password

Password of the integrated device.

VDOM

For FortiGate devices, the default access VDOM.

Expiry

Default blocking time in seconds. Default is 3600 seconds.

FGT-WEBHOOK

Compatible FortiGate version: 6.4.0 or later

Block Action

Expiry

Default blocking time in seconds. Default is 3600 seconds.

URL

Enter the request API URI.

Authorization

Enter the API key.

Unblock Action

Expiry

Default blocking time in seconds. Default is 3600 seconds.

URL

Enter the request API URI.

Authorization

Enter the API key.

PAN-XMLAPI

Compatible PAN-device version: 10.0.0 or later

Device IP

IP address of the integrated device.

Port

Port number of the integrated device API service. Default is 8443.

Username

Username of the integrated device.

Password

Password of the integrated device.

Vsys

The virtual system configured on the PAN device.

Policy Index

Select Top or Bottom.

Expiry

Default blocking time in seconds. Default is 3600 seconds.

GEN-WEBHOOK

Compatible FortiNAC version: 8.8 or later (Firmware: 8.8.2.1714)

Block Action

Expiry

Default blocking time in seconds. Default is 3600 seconds.

HTTP Method

Select GET, POST, PUT, or PATCH.

URL

Enter the request API URI.

Authorization

Enter the API key.

HTTP Header

Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.

HTTP Data

Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.

Unblock Action

HTTP Method

Select GET, POST, PUT, or PATCH.

URL

Enter the request API URI.

Authorization

Enter the API key.

HTTP Header

Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.

HTTP Data

Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
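The GEN-WEBHOOK settings above describe the calls the platform makes, not what the receiving side has to do with them. The following is an added example, not Fortinet code: a minimal receiver for the block and unblock actions that checks the Authorization API key, accepts the Hacker-IP and Expiry-Time fields from either the header or the body (the page lets you choose either), and keeps a blocklist whose entries lapse after the expiry. The field names `Hacker-IP` and `Expiry-Time` are taken from the settings; that the key is presented verbatim in an `Authorization` header, that `Expiry-Time` is a number of seconds, and the `MAX_EXPIRY` cap are assumptions made for this example.

```python
import hmac
import ipaddress
import time

# Placeholder: in practice this is the string entered in the Authorization
# field of the Block/Unblock Action settings.
API_KEY = "placeholder-api-key"
# Default blocking time from the settings page (seconds).
DEFAULT_EXPIRY = 3600
# Upper bound this receiver accepts for Expiry-Time (assumption: 7 days).
MAX_EXPIRY = 7 * 24 * 3600
# The HTTP methods the settings page lets you select.
ALLOWED_METHODS = ("GET", "POST", "PUT", "PATCH")


class BlockList:
    """Receiver side of a generic block/unblock webhook with timed expiry."""

    def __init__(self, now=time.time):
        self._now = now    # injectable clock, so expiry can be tested
        self._until = {}   # ip -> unix time at which the block lapses

    def _purge(self):
        t = self._now()
        for ip in [ip for ip, until in self._until.items() if until <= t]:
            del self._until[ip]

    def active(self):
        """Return the set of IPs currently blocked (expired entries dropped)."""
        self._purge()
        return set(self._until)

    def handle(self, action, method, headers, data):
        """Process one webhook call and return (status_code, message).

        action  -- "block" or "unblock", i.e. which URL the platform called
        method  -- HTTP method of the request
        headers -- request headers (fields chosen under HTTP Header land here)
        data    -- decoded request body (fields chosen under HTTP Data land here)
        """
        if method not in ALLOWED_METHODS:
            return 405, "method not allowed"
        # Constant-time comparison so the key check does not leak by timing.
        presented = headers.get("Authorization") or ""
        if not hmac.compare_digest(presented, API_KEY):
            return 401, "bad api key"
        # The platform may carry each field in the header or the body; check both.
        fields = {**data, **headers}
        raw_ip = fields.get("Hacker-IP")
        if raw_ip is None:
            return 400, "Hacker-IP missing"
        try:
            ip = str(ipaddress.ip_address(raw_ip))
        except ValueError:
            return 400, "Hacker-IP is not a valid address"
        if action == "unblock":
            self._until.pop(ip, None)
            return 200, "unblocked %s" % ip
        if action != "block":
            return 404, "unknown action"
        # Assumption: Expiry-Time is seconds; absent means the page's default.
        try:
            expiry = int(fields.get("Expiry-Time", DEFAULT_EXPIRY))
        except (ValueError, TypeError):
            return 400, "Expiry-Time is not an integer"
        if not 0 < expiry <= MAX_EXPIRY:
            return 400, "Expiry-Time out of range"
        self._until[ip] = self._now() + expiry
        return 200, "blocked %s for %ds" % (ip, expiry)


if __name__ == "__main__":
    # Constructed sample call: Hacker-IP and Expiry-Time sent in the body.
    bl = BlockList()
    print(bl.handle("block", "POST", {"Authorization": API_KEY},
                    {"Hacker-IP": "203.0.113.7", "Expiry-Time": "60"}))
    print(bl.active())
```

The receiver validates the address before using it and bounds the expiry, because a block that never lapses is the operational failure mode the Expiry setting exists to prevent; the unblock action also lets the platform release a host early, independent of the timer.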

FNAC-WEBHOOK

Compatible FortiNAC version: 8.8.2.1714 or later.

IP

IP address of the integrated device.

Port

Port number of the integrated device API service. Default is 8443.

Authorization Token

The FortiNAC-WEBHOOK authorization token generated by FortiNAC.

Expiry

Default blocking time in seconds. Default is 3600 seconds.

WMI-Disable

Domain

The device domain.

Username

Username of the integrated device.

Password

Password of the integrated device.

FortiEDR-Isolation

Compatible FortiEDR version: 5.0.2.305 or later.

IP

IP address of the integrated device.

Port

Port number of the integrated device API service. Default is 8443.

Organization\Username

The FortiEDR organization and username.

Password

Password of the integrated device.

Expiry

Default blocking time in seconds. Default is 3600 seconds.

Cisco-ISE

Compatible Cisco ISE version: 2.7 or later.

Server URL/IP

The Cisco ISE server URL or IP address.

Port

Port number of the integrated device API service. Default is 8443.

Username

Username of the integrated device.

Password

Password of the integrated device.

Verify SSL

Enable to verify SSL.

Expiry

Default blocking time in seconds. Default is 3600 seconds.

Microsoft-ATP

Server URL

Service base URI to connect and perform the automated operations. For example, https://api.securitycenter.microsoft.com.

Client ID

Client ID of the Azure application that is used to access Windows Defender ATP.

Client Secret

Secret string that the application (used to access Windows Defender ATP) uses to prove its identity.

Tenant ID

Tenant ID of the Azure application.

Verify SSL

Enable to verify SSL.

Expiry

Default blocking time in seconds. Default is 3600 seconds.

CrowdStrike-Isolation

Server URL

CrowdStrike server URL.

Client ID

Client ID of the CrowdStrike application that is used to access the CrowdStrike isolation service.

Client Secret

Secret string of the CrowdStrike application that is used to access the CrowdStrike isolation service.

Verify SSL

Enable to verify SSL.

Expiry

Default blocking time in seconds. Default is 3600 seconds.

FSM-Watch-List

IP

IP address of the integrated device.

Port

Port number of the integrated device API service. Default is 8443.

Username

Username of the integrated device.

Password

Password of the integrated device.

Organization

Type the organization name for the integrated device.

Verify SSL

Enable to verify SSL.

Watch-List Name

Type Watch-List Name as defined in FortiSIEM.

Lure Users-Manual Mode

Type the other lures you want to watch.

Polling Time Interval

Default polling time in seconds. Default is 3600 seconds.