Integrate Method settings
A/D Connector Isolation
|
Hostname |
|
|
Port |
Port number used for connecting to the AD server. |
|
Username |
Valid AD service account with a minimum of account operators access. |
|
Password for your AD user. |
|
|
Base DN |
The base, or node from where the search should start. All connector operations are carried out using the Base DN as a root to the AD organization tree. You can restrict the AD lookup by providing appropriate filters in this parameter. Some examples are as follows:
|
|
Bind DN |
The fully distinguished name, which is used to bind to the AD server. |
|
Use TLS |
Specifies whether SSL and TLS. SSL is used by default. |
|
Limit |
The number of quarantine attackers per 24 hours. |
Aruba ClearPass
|
Server URL |
The Aruba ClearPass URL or IP address. |
|
Client ID |
Client ID of the Aruba ClearPass application which is used to access Aruba ClearPass. |
|
Auth Type |
Select Username/Password or Client Secret. |
|
Username |
If the Auth Type is Username/Password, enter the Aruba ClearPass username. |
|
Password |
If the Auth Type is Username/Password, enter the Aruba ClearPass password. |
|
Client Secret |
If the Auth Type is Client Secret, enter the Aruba ClearPass client secret. |
|
Verify SSL |
Enable to verify Secure Sockets Layer. |
|
Expiry |
Default blocking time in seconds. Default is 3600 seconds |
AWS Keys
|
AWS Region |
AWS region to access the AWS CloudTrail. |
|
AWS Access Key ID |
ID of the AWS Access Key to access AWS services. |
|
AWS Secret Access Key |
Key of the AWS Secret Access to access AWS services. |
|
Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
Azure Keys
|
Client ID |
Also called Application ID;Unique ID of the Microsoft Entra application. |
|
Client Secret |
Client Secret of the Microsoft Entra application that is used to create an authentication token required to access the API. |
|
Tenant ID |
Tenant ID provided for your Microsoft Entra. |
|
Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
CheckPoint-FW-Isolation
Compatible CheckPoint version: R81 build392 or later
| IP/URL |
IP address or URL of the integrated device. |
| Port |
Port number of the integrated device API service. Default is 443. |
|
IP Block Policy(Network Group Name) |
Enter the Network Group Name. |
| Username |
Username of the integrated device. |
| Password |
Password of the integrated device. |
|
Verify SSL |
Enable to verify Secure Sockets Layer. |
| Install Policy After Publish | Enable to install the policy after it is published. |
Cisco-ISE
Compatible Cisco ISE version: 2.7 or later.
| Server URL/IP |
The Cisco server URL and IP address. |
| Port |
Port number of the integrated device API service. Default is 9060. |
| Username |
Username of the integrated device. |
| Password |
Password of the integrated device. |
| Verify SSL |
Enable to verify SSL. |
| Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
CrowdStrike-Isolation
| Server URL |
CrowdStrike server URL. |
| Client ID |
Client ID of the Crowdstrike application which is used to access CrowdStrike isolation service. |
| Client Secret |
Secret string of the Crowdstrike application which is used to access CrowdStrike isolation service. |
| Verify SSL |
Enable to verify SSL. |
| Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
FGT-REST-API
Compatible FortiGate version: 6.0.4 or later
| IP |
IP address of the integrated device. |
| Port |
Port number of the integrated device API service. Default is 443. |
| Username |
Username of the integrated device. |
| Password |
Password of the integrated device. |
| VDOM |
For FortiGate devices, the default access VDOM. |
| Expiry |
Default blocking time in second. Default is 3600 seconds. |
FGT-WEBHOOK
Compatible FortiGate version: 6.4.0 or later
| Block Action | Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
| URL |
Enter the request API URI. |
|
|
Authorization |
Enter the API key. |
|
| Unblock Action | Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
| URL |
Enter the request API URI. |
|
|
Authorization |
Enter the API key. |
FNAC-WEBHOOK
Compatible FortiNAC version: 8.8.2.1714 or later.
| IP: |
IP address of the integrated device. |
| Port: |
Port number of the integrated device API service. Default is 443. |
| Authorization Token: |
The FortiNAC-WEBHOOK authorization token generated by FNAC. |
| Expiry: |
Default blocking time in seconds. Default is 3600 seconds. |
FortiEDR-Isolation
Compatible FortiEDR version: 5.0.2.305 or later.
| IP |
IP address of the integrated device. |
| Port |
Port number of the integrated device API service. Default is 443. |
| Organization\Username |
The FortiEDR organization and username. |
| Password |
Password of the integrated device. |
| Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
FSM-Watch-List
| IP |
IP address of the integrated device. |
| Port |
Port number of the integrated device API service. Default is 443. |
| Username: |
Username of the integrated device. |
| Password: |
Password of the integrated device. |
| Organization |
Type the organization name for the integration device. |
| Verify SSL |
Enable to verify SSL. |
| Watch-List Name |
Type Watch-List Name as defined in FortiSIEM. |
| Lure Users-Manual Mode |
Type the other lures you want to watch. |
| Polling Time Interval |
Default polling time in seconds. Default is 3600 seconds. |
GEN-WEBHOOK
Compatible FortiNAC version: 8.8 or later (Firmware: 8.8.2.1714)
| Block Action: | Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
| Http Method |
Select GET, POST, PUT, or PATCH |
|
| URL |
Enter the request API URI. |
|
| Authorization |
Enter the API key. |
|
| HTTP Header | ||
| HTTP Data |
Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time. |
|
| Unblock Action: | Http Method |
Select GET, POST, PUT, or PATCH |
| URL |
Enter the request API URI. |
|
| Authorization |
Enter the API key. |
|
| HTTP Header |
Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time. |
|
| HTTP Data |
Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time. |
IR Collector
| Domain |
The device domain. |
| Username |
Username of the integrated device. |
| Password |
Password of the integrated device. |
|
Limit |
The number of collections per endpoint per 24 hour. |
Microsoft-ATP
| Server URL |
Service base URI to connect and perform the automated operations. For example, https://api.securitycenter.microsoft.com. |
| Client ID |
Client ID of the Azure application that is used to access Windows Defender ATP |
| Client Secret |
Secret string that the application (used to access Windows Defender ATP) uses to prove its identity |
| Tenant ID |
Tenant ID of the Azure application |
| Verify SSL |
Enable to verify SSL. |
| Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
PAN-XMLAPI
Compatible PAN-device version: 10.0.0 or later
| Device IP | IP address of the integrated device. |
| Port | Port number of the integrated device API service. Default is 443. |
| Username | Username of the integrated device. |
| Password | Password of the integrated device. |
| Vsys | The virtual system which is configured on PAN |
| Policy Index | Select Top or Bottom. |
| Expiry | Default blocking time in seconds. Default is 3600 seconds. |
SentinelOne Isolation
|
Server URL |
SentinelOne server URL. |
|
API Token |
The SentinelOne authorization token. |
|
API Version |
The version of the SentinelOne token. |
|
Verify SSL |
Enable to verify SSL. |
|
Expiry |
Default blocking time in seconds. Default is 3600 seconds. |
Windows Network Isolation
| Domain |
The device domain. |
| Username |
Username of the integrated device. |
| Password |
Password of the integrated device. |