Beginning with FortiSOAR Cloud

Logging into FortiSOAR Cloud for the first time

From the FortiCloud portal, you can access the FortiSOAR web UI. The FortiSOAR UI asks you to accept the EULA, if it is not already accepted, and then logs you in. You can then perform actions in FortiSOAR based on the roles you have been assigned, i.e., a 'Full Access' user or a 'Limited Access' user.

You can also access the FortiSOAR Cloud console from the FortiCloud portal. If you are logging into the console for the first time, you must enter the default SSH credentials, which are csadmin/<your account_id>. After you log in successfully, you are asked to change the default SSH password. You are then asked to log in again using the updated credentials, after which the EULA acceptance page is displayed. Once you accept the EULA, you can start using the FortiSOAR console.

For information on FortiSOAR features and how to use and configure them, see the FortiSOAR Documentation Library.

Also, by default, the SOAR Framework Solution Pack (SP) is installed. The SOAR Framework SP is the Foundational Solution Pack that creates the framework, including modules, dashboard, roles, widgets, etc., required for effective day-to-day operations of any SOC. From release 7.2.0, the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms, are not part of the FortiSOAR Cloud platform, making it essential for users to install the SOAR Framework SP to optimally use and experience FortiSOAR Cloud’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.

Note

In release 7.2.0 the SOAR Framework Solution Pack is installed by default on your FortiSOAR Cloud system.

Secure Message Exchange

The FortiSOAR Cloud instance contains an embedded FortiSOAR Secure Message Exchange (SME). A secure message exchange establishes a secure channel that is used to relay information to external agents or dedicated tenant nodes. The address of the embedded SME is set to the Cloud portal address, and the SME runs on port 5671.

Cloud App Menu

FortiSOAR displays a Cloud App Menu for users logging in through the Cloud portal. The Cloud App Menu is displayed in the FortiSOAR top bar and can be used to access other cloud applications such as FortiEDR, FortiCare, etc.

Whenever you click on another cloud app, such as FortiAnalyzer, you will be redirected to the cloud portal of that app and you will be logged out of FortiSOAR and the FortiSOAR Cloud Portal. Clicking the Logout button also logs you out of both FortiSOAR and FortiSOAR Cloud Portal.

List of logs that can be used for debugging FortiSOAR Cloud

Administrators can use various logs that FortiSOAR generates to troubleshoot FortiSOAR Cloud issues:

| Log Name | Purpose |
|---|---|
| /var/log/cyops/install/config-vm-<time-stamp-here>.log | Used for troubleshooting issues that occur while configuring the VM. |
| /var/log/cyops/fcloud/ | Used for troubleshooting issues related to other cloud-related apps. |
| /var/log/cyops/csadm/secure-message-exchange.log | Used for troubleshooting issues related to the secure message exchange. |
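
A first-pass triage over the three log locations listed above can be scripted from the FortiSOAR Cloud console. The following is an added example, not part of the Fortinet documentation; the function names are hypothetical, and the match pattern (error, fail, refused) is an assumption because the log line format is not described on this page.

```shell
#!/bin/sh
# Added example: summarise the FortiSOAR Cloud troubleshooting logs.
# Assumption: lines of interest contain "error", "fail" or "refused"
# (case-insensitive); adjust PATTERN to the messages you actually see.
PATTERN='error|fail|refused'

# Print the most recently modified config-vm-<time-stamp>.log under a log
# root. Selection is by modification time because the timestamp format in
# the file name is not documented here.
newest_config_vm_log() {
    ls -t "$1"/install/config-vm-*.log 2>/dev/null | head -n 1
}

# Print the number of matching lines in one file (0 if the file is missing).
count_hits() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -Eic "$PATTERN" "$1" || true
}

# Print one summary line per log source under the given log root
# (default: /var/log/cyops, the root used by the paths in the table).
triage_fsr_cloud_logs() {
    root=${1:-/var/log/cyops}
    vm_log=$(newest_config_vm_log "$root")
    echo "config-vm: ${vm_log:-none} hits=$(count_hits "$vm_log")"
    # fcloud/ is a directory, so report every regular file inside it.
    for f in "$root"/fcloud/*; do
        if [ -f "$f" ]; then
            echo "fcloud: $f hits=$(count_hits "$f")"
        fi
    done
    sme="$root/csadm/secure-message-exchange.log"
    echo "sme: $sme hits=$(count_hits "$sme")"
}

triage_fsr_cloud_logs "${1:-/var/log/cyops}"
```

A non-zero hit count only points at the file worth opening; read the matching lines in context before drawing conclusions.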
