Administration Guide

Action Manager

FortiEDR enables you to define connectors to external systems, so that FortiEDR automatically triggers predefined actions when a security event is triggered in FortiEDR. You can define your own actions while defining a Custom integration connector, Firewall integration connector or NAC integration connector (as described above). Each action consists of one or more Python scripts that call an API of the third-party system in order to perform the relevant action.

The Action Manager enables you to upload and manage (add, modify and delete) these actions and the Python scripts that call third-party systems’ APIs. Python 2.7 or later is supported.
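Because an uploaded action script runs automatically against a third-party API, it is worth reviewing before upload. The following pre-upload check is an added example, not Fortinet code and not part of FortiEDR's coding conventions: it records a SHA-256 digest for change tracking and flags hardcoded credentials, disabled TLS verification and shell/eval calls. The function name, the name lists, the sample script and its URL are constructed for illustration, and the check assumes the script is written in Python 3 syntax.

```python
import ast
import hashlib

SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key", "apikey")
RISKY_CALLS = {"eval", "exec", "system", "popen"}

# Constructed sample action script (hypothetical third-party API and token).
SAMPLE = '''\
import requests
API_TOKEN = "constructed-example-token"
def block(ip):
    return requests.post("https://firewall.example/api/block",
                         json={"ip": ip},
                         headers={"Authorization": API_TOKEN},
                         verify=False)
'''

def audit_action_script(source):
    """Return (sha256_hex, findings) for one action script's source text."""
    digest = hashlib.sha256(source.encode("utf-8")).hexdigest()
    findings = []
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return digest, ["line %s: does not parse as Python 3: %s" % (exc.lineno, exc.msg)]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            # requests-style calls that switch off certificate validation
            for kw in node.keywords:
                off = isinstance(kw.value, ast.Constant) and kw.value.value is False
                if kw.arg == "verify" and off:
                    findings.append("line %d: TLS verification disabled (verify=False)" % node.lineno)
            func = node.func
            name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", "")
            if name in RISKY_CALLS:
                findings.append("line %d: call to %s()" % (node.lineno, name))
        elif isinstance(node, ast.Assign):
            # credential-like names bound directly to a non-empty string literal
            value = node.value
            if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
                for target in node.targets:
                    if isinstance(target, ast.Name) and any(s in target.id.lower() for s in SECRET_NAMES):
                        findings.append("line %d: hardcoded credential in '%s'" % (node.lineno, target.id))
    # ast.walk is breadth-first, so order the findings by line number
    return digest, sorted(findings, key=lambda f: int(f.split()[1].rstrip(":")))

if __name__ == "__main__":
    print(audit_action_script(SAMPLE))
```

Keeping the digest of the reviewed script lets you compare it later against the copy downloaded from the Action Manager.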

To display the Action Manager:
  1. In the ADMINISTRATION tab, select INTEGRATIONS.
  2. Click the Action Manager button. The following displays:

To define a new action:
  1. Click the + Add action button in the top left corner of the window.
  2. Fill out the fields of this window as follows in order to define a new action to be triggered in response to an incident.

    Note – For this action to be triggered, a Playbook policy must be defined that executes the script when a security event is triggered. Defining a new action here automatically adds it as an option in a Playbook policy. However, the action is not selected by default in the Playbook policy, so you must go to the Playbook policy and select it in order for it to be triggered when a security event is triggered.

    | Field | Definition |
    |-------|------------|
    | Name | Enter any name for this action. |
    | Description | Enter a description of this action. |
    | Upload | Upload a Python script that calls an API from the third-party system in order to perform the relevant action. Python 2.7 or later is supported. This Python script must be created according to the coding conventions that can be displayed by clicking the icon next to the Action Scripts field. Clicking the icon displays an explanation of these coding conventions, with various links that you can click to see more detail and/or to download sample files. |

  3. Click Save.

To modify the script of an action:
  1. In the ADMINISTRATION tab, select INTEGRATIONS.
  2. Click the Action Manager button.
  3. Select the action of the script to be modified. The following displays:

  4. In the Action Scripts area, hover over the name of the script in order to display various tools, as follows:

    | Tool | Description |
    |------|-------------|
    | [icon] | To overwrite the current script by uploading a different script in its place. |
    | [icon] | To download the action’s current script, for example, so that you can edit it. |
    | [icon] | To delete the action’s selected script. |
    | [icon] | To upload a new Python script that calls an API from the third-party system in order to perform the relevant action. Python 2.7 or later is supported. |

    Note – To delete an action entirely, hover over its name in the list on the left and click the Trashcan icon.

  5. Click Save.
