Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.5.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.5.1 User Guide
    7.5.1
    7.5.1
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    Jira Integration

    Jira Integration

    Configuring Jira for FortiSIEM Integration

    Before configuring Jira, you must log in to your Jira account and create an API Key. Follow these steps.

    1. Log in to your Jira account.
    2. Create an API Key.
    3. Use the GUI user name and API Key in FortiSIEM.

    Jira Incident Outbound Integration

    Jira outbound integration allows a user to map FortiSIEM fields to Jira ticket fields and to create incidents in Jira. When the integration runs, FortiSIEM looks for incidents that match the mappings and creates a ticket in the Jira system.

    To create an outbound integration, follow these steps.

    Step 1: Create an Integration

    1. Go to Admin > Settings > General > External Integration.
    2. Click + to create a new integration or click the Edit () icon to modify an existing integration.
    3. In the Integration Policy dialog box, provide the following values:
      • Type: select Incident.
      • Direction: select Outbound.
      • Vendor: select Jira.
      • Instance: enter an instance name or accept the default.
      • Plugin Name: is pre-populated with the name of the Jira integration class: com.accelops.phoenix.jira.JiraTicketIntegration.
      • Host/URL, enter the URL of the Jira provider, for example, https://<customer>.atlassian.net.
      • Username and Password, enter your Jira user name and password.
    4. Click the edit icon next to Field Mapping.
    5. In the Field Mapping dialog box, provide the following values:
      • Project: enter a name for the project
      • Issue Type: select Event.
      • The Summary: field is pre-populated with the Incident Rule Name ($ruleName).
      • For Description: click the edit icon to build the expression for the Jira issue description. The drop-down list contains FortiSIEM fields that can be mapped to.
      • The Priority: field is pre-populated with Incident Severity Category ($incident_severityCat).
    6. Create mappings between Jira fields and FortiSIEM fields by clicking New.
      Select Jira fields from the upper drop-down list and match them with corresponding FortiSIEM fields in the lower drop-down list.
    7. Click Save when you are finished mapping fileds. The mappings are reflected in the table in the Field Mapping dialog box.
      Note: Click Cancel to dismiss the Mapping Fields dialog box.

    Step 2: Link Integration to an Automation Policy

    You need to link the integration to an automation policy, so that the integration runs when the automation policy triggers.

    Take the following steps.

    1. Go to Admin > Settings > General > Automation Policy.
    2. Click + to create a new policy or click the Edit () icon to edit an existing policy.
    3. In the Automation Policy dialog box, select Action > Invoke an Integration Policy, then select the edit icon.
    4. Choose a specific integration from the drop-down list.
    5. Click Save.

    Jira Incident Inbound Integration

    Jira inbound integration allows a user to close a ticket in FortiSIEM if the ticket is closed in Jira.

    To create an inbound integration, follow these steps.

    Step 1: Create an Integration

    1. Go to Admin > Settings > General > External Integration.
    2. Click + to create a new integration or click the Edit () icon to modify an existing integration.
    3. In the Integration Policy dialog box, provide the following values:
      • Type: select Incident.
      • Direction: select Inbound.
      • Vendor: select Jira.
      • Instance: enter an instance name or accept the default.
      • Plugin Name: is pre-populated with the name of the Jira integration class: com.accelops.phoenix.jira.JiraTicketIntegration.
      • Host/URL, enter the URL of the Jira provider, for example, https://<customer>.atlassian.net.
      • Username and Password, enter your Jira user name and password.
      • Description: enter an optional description of the integration.
      • Time Window: enter the number of hours for which incident states will be synched. For example, if time windows is set to 10 hours, the states of incidents that occurred in the last 10 hours will be synched.
    4. Click the edit icon next to Field Mapping.
    5. In the Field Mapping dialog box, provide the following values:
      • Project: enter a name for the project.
      • Issue Type: select Event.
      • The Summary: field is pre-populated with the Incident Rule Name ($ruleName).
      • For Description: click the edit icon to build the expression for the Jira issue description. The drop-down list contains FortiSIEM fields that can be mapped to.
      • The Priority: field is pre-populated with Incident Severity Category ($incident_severityCat).
    6. Create mappings between Jira fields and FortiSIEM fields by clicking New.

      Select Jira fields from the upper drop-down list and match them with corresponding FortiSIEM fields in the lower drop-down list.

    7. Click Save when you are finished mapping fileds. The mappings are reflected in the table in the Field Mapping dialog box.
      Note: Click Cancel to dismiss the Mapping Fields dialog box.

    Step 2: Create an Incident Inbound Integration Schedule

    This determines the schedule on which the inbound integration policy defined in Step 1: Create an Incident Inbound Integration will be run.

    1. Log into your Supervisor node with administrator credentials.
    2. Navigate to Admin > Settings > General > External Integration.
    3. Click the Schedule () icon.
    4. Click + to open the Integration Policy Schedules window.
      1. From the Integration Policy column, select your integration policy and move it to the Selected column.
      2. Under Time Range, configure your schedule by taking the following steps.
        1. In the Start Time field, enter the start time of your schedule.
        2. From the Local/UTC Timeand Region drop-down lists, configure the start time of the schedule.
      3. Under Recurrence Pattern, configure the frequency.
        1. Select Once, Minutely, Hourly, Daily, Weekly, or Monthly for the schedule's recurrence pattern. Depending on what is selected, configure the related date/time schedule attributes.
        2. In the Start From field, enter the date which the schedule starts.
      4. When done, click Save.
    Previous
    Next

    Jira Integration

    Jira Integration

    Configuring Jira for FortiSIEM Integration

    Before configuring Jira, you must log in to your Jira account and create an API Key. Follow these steps.

    1. Log in to your Jira account.
    2. Create an API Key.
    3. Use the GUI user name and API Key in FortiSIEM.

    Jira Incident Outbound Integration

    Jira outbound integration allows a user to map FortiSIEM fields to Jira ticket fields and to create incidents in Jira. When the integration runs, FortiSIEM looks for incidents that match the mappings and creates a ticket in the Jira system.

    To create an outbound integration, follow these steps.

    Step 1: Create an Integration

    1. Go to Admin > Settings > General > External Integration.
    2. Click + to create a new integration or click the Edit () icon to modify an existing integration.
    3. In the Integration Policy dialog box, provide the following values:
      • Type: select Incident.
      • Direction: select Outbound.
      • Vendor: select Jira.
      • Instance: enter an instance name or accept the default.
      • Plugin Name: is pre-populated with the name of the Jira integration class: com.accelops.phoenix.jira.JiraTicketIntegration.
      • Host/URL, enter the URL of the Jira provider, for example, https://<customer>.atlassian.net.
      • Username and Password, enter your Jira user name and password.
    4. Click the edit icon next to Field Mapping.
    5. In the Field Mapping dialog box, provide the following values:
      • Project: enter a name for the project
      • Issue Type: select Event.
      • The Summary: field is pre-populated with the Incident Rule Name ($ruleName).
      • For Description: click the edit icon to build the expression for the Jira issue description. The drop-down list contains FortiSIEM fields that can be mapped to.
      • The Priority: field is pre-populated with Incident Severity Category ($incident_severityCat).
    6. Create mappings between Jira fields and FortiSIEM fields by clicking New.
      Select Jira fields from the upper drop-down list and match them with corresponding FortiSIEM fields in the lower drop-down list.
    7. Click Save when you are finished mapping fileds. The mappings are reflected in the table in the Field Mapping dialog box.
      Note: Click Cancel to dismiss the Mapping Fields dialog box.

    Step 2: Link Integration to an Automation Policy

    You need to link the integration to an automation policy, so that the integration runs when the automation policy triggers.

    Take the following steps.

    1. Go to Admin > Settings > General > Automation Policy.
    2. Click + to create a new policy or click the Edit () icon to edit an existing policy.
    3. In the Automation Policy dialog box, select Action > Invoke an Integration Policy, then select the edit icon.
    4. Choose a specific integration from the drop-down list.
    5. Click Save.

    Jira Incident Inbound Integration

    Jira inbound integration allows a user to close a ticket in FortiSIEM if the ticket is closed in Jira.

    To create an inbound integration, follow these steps.

    Step 1: Create an Integration

    1. Go to Admin > Settings > General > External Integration.
    2. Click + to create a new integration or click the Edit () icon to modify an existing integration.
    3. In the Integration Policy dialog box, provide the following values:
      • Type: select Incident.
      • Direction: select Inbound.
      • Vendor: select Jira.
      • Instance: enter an instance name or accept the default.
      • Plugin Name: is pre-populated with the name of the Jira integration class: com.accelops.phoenix.jira.JiraTicketIntegration.
      • Host/URL, enter the URL of the Jira provider, for example, https://<customer>.atlassian.net.
      • Username and Password, enter your Jira user name and password.
      • Description: enter an optional description of the integration.
      • Time Window: enter the number of hours for which incident states will be synched. For example, if time windows is set to 10 hours, the states of incidents that occurred in the last 10 hours will be synched.
    4. Click the edit icon next to Field Mapping.
    5. In the Field Mapping dialog box, provide the following values:
      • Project: enter a name for the project.
      • Issue Type: select Event.
      • The Summary: field is pre-populated with the Incident Rule Name ($ruleName).
      • For Description: click the edit icon to build the expression for the Jira issue description. The drop-down list contains FortiSIEM fields that can be mapped to.
      • The Priority: field is pre-populated with Incident Severity Category ($incident_severityCat).
    6. Create mappings between Jira fields and FortiSIEM fields by clicking New.

      Select Jira fields from the upper drop-down list and match them with corresponding FortiSIEM fields in the lower drop-down list.

    7. Click Save when you are finished mapping fileds. The mappings are reflected in the table in the Field Mapping dialog box.
      Note: Click Cancel to dismiss the Mapping Fields dialog box.

    Step 2: Create an Incident Inbound Integration Schedule

    This determines the schedule on which the inbound integration policy defined in Step 1: Create an Incident Inbound Integration will be run.

    1. Log into your Supervisor node with administrator credentials.
    2. Navigate to Admin > Settings > General > External Integration.
    3. Click the Schedule () icon.
    4. Click + to open the Integration Policy Schedules window.
      1. From the Integration Policy column, select your integration policy and move it to the Selected column.
      2. Under Time Range, configure your schedule by taking the following steps.
        1. In the Start Time field, enter the start time of your schedule.
        2. From the Local/UTC Timeand Region drop-down lists, configure the start time of the schedule.
      3. Under Recurrence Pattern, configure the frequency.
        1. Select Once, Minutely, Hourly, Daily, Weekly, or Monthly for the schedule's recurrence pattern. Depending on what is selected, configure the related date/time schedule attributes.
        2. In the Start From field, enter the date which the schedule starts.
      4. When done, click Save.
    Previous
    Next