Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiRecon 26.2.0 User Guide
    26.2.0
    26.2.0
    26.1.a
    26.1.0
    25.4.a
    25.4.0
    25.3.a
    25.3.0
    25.2.a
    25.2.0
    25.1.a
    25.1.0
    24.4.b
    24.4.a
    24.4.0
    24.3.a
    24.3.0
    24.2.b
    24.2.a
    24.2.0
    24.1.b
    24.1.a
    24.1.0
    23.4.a
    23.4.0
    23.3.a
    23.3.0
    23.2.b
    23.2.a
    23.2.0
    23.1.b
    23.1.a
    23.1.0
    22.4.a
    22.4.0
    22.3.0
    22.2.0

    Security Orchestration

    Security Orchestration

    The Security Orchestration module helps you investigate and respond to security threat findings from FortiRecon's Attack Surface Management, Brand Protection, and Adversary Centric Intelligence modules. This solution reduces the time responders require to prioritize and take appropriate actions by automating and streamlining security workflows.

    Every FortiRecon core subscription includes a standard entitlement of 100 playbook executions per month. You can increase your monthly limit by purchasing Security Orchestration Playbook add-on packs. Each pack adds 2000 executions to your monthly capacity. These licenses are stackable. See Standard FortiRecon Licensing.

    Example: If you purchase any one of the core solution bundles—EASM, EASM and BP, or EASM, BP, and ACI, you receive a default entitlement of 100 playbook executions per month.

    If you then purchase a Security Orchestration Playbook add-on, your total capacity increases to 2100 executions per month (100 from the core bundle + 2000 from the add-on). Each additional add-on pack stacks an extra 2000 executions onto your monthly limit.

    For steps to begin using the pre-defined playbooks, see Getting Started

    If you are an existing user of Security Orchestration, you must manually upgrade the FortiRecon Automation Service solution pack. This step is not necessary for new installations or for existing users who have not yet accessed Security Orchestration.

    1. To uninstall the older version of solution pack, navigate to Content Hub > Installed tab, apply the Solution Packs filter, select the FortiRecon Automation Service 1.0.0 entry, and then click Delete Template in the dialog box.

    2. To install the new version, navigate to Content Hub > Discover tab, apply the Solution Packs filter, search for and select FortiRecon Automation Service 1.0.1, and then click Install in the dialog box.

    For more information on managing Solution Packs, see Solution Packs .

    The Security Orchestration module contains the following tabs.

    Home The Home tab provides a quick overview of your Security Orchestration usage and available playbook collections. See Home.
    Playbooks The Playbooks tab allows you to create and manage your playbook collections and individual playbooks. See Playbooks Overview.
    Playbook Assets The Playbook Assets tab enables you to create and manage global variables and event templates for your playbooks. See Playbook Assets.
    Content Hub The Content Hub tab provides Discover and Installed tabs to help you install and manage connectors, widgets, and solution packs. See Content Hub.

    Agents

    The Agents tab allows you to create and manage agents. See Agents.

    Execution Logs

    The Execution Logs tab allows you view results and debug executed playbooks. See Execution Logs.

    Tasks

    The Tasks tab displays a list of automations that are awaiting your input before they can continue their execution. See Tasks.

    Previous
    Next

    Security Orchestration

    Security Orchestration

    The Security Orchestration module helps you investigate and respond to security threat findings from FortiRecon's Attack Surface Management, Brand Protection, and Adversary Centric Intelligence modules. This solution reduces the time responders require to prioritize and take appropriate actions by automating and streamlining security workflows.

    Every FortiRecon core subscription includes a standard entitlement of 100 playbook executions per month. You can increase your monthly limit by purchasing Security Orchestration Playbook add-on packs. Each pack adds 2000 executions to your monthly capacity. These licenses are stackable. See Standard FortiRecon Licensing.

    Example: If you purchase any one of the core solution bundles—EASM, EASM and BP, or EASM, BP, and ACI, you receive a default entitlement of 100 playbook executions per month.

    If you then purchase a Security Orchestration Playbook add-on, your total capacity increases to 2100 executions per month (100 from the core bundle + 2000 from the add-on). Each additional add-on pack stacks an extra 2000 executions onto your monthly limit.

    For steps to begin using the pre-defined playbooks, see Getting Started

    If you are an existing user of Security Orchestration, you must manually upgrade the FortiRecon Automation Service solution pack. This step is not necessary for new installations or for existing users who have not yet accessed Security Orchestration.

    1. To uninstall the older version of solution pack, navigate to Content Hub > Installed tab, apply the Solution Packs filter, select the FortiRecon Automation Service 1.0.0 entry, and then click Delete Template in the dialog box.

    2. To install the new version, navigate to Content Hub > Discover tab, apply the Solution Packs filter, search for and select FortiRecon Automation Service 1.0.1, and then click Install in the dialog box.

    For more information on managing Solution Packs, see Solution Packs .

    The Security Orchestration module contains the following tabs.

    Home The Home tab provides a quick overview of your Security Orchestration usage and available playbook collections. See Home.
    Playbooks The Playbooks tab allows you to create and manage your playbook collections and individual playbooks. See Playbooks Overview.
    Playbook Assets The Playbook Assets tab enables you to create and manage global variables and event templates for your playbooks. See Playbook Assets.
    Content Hub The Content Hub tab provides Discover and Installed tabs to help you install and manage connectors, widgets, and solution packs. See Content Hub.

    Agents

    The Agents tab allows you to create and manage agents. See Agents.

    Execution Logs

    The Execution Logs tab allows you view results and debug executed playbooks. See Execution Logs.

    Tasks

    The Tasks tab displays a list of automations that are awaiting your input before they can continue their execution. See Tasks.

    Previous
    Next