Beginning with FortiSOAR Cloud

Logging into FortiSOAR Cloud for the first time

From the FortiCloud portal, you can access the FortiSOAR web UI. On the FortiSOAR UI, you are asked to accept the EULA if it has not already been accepted, and you are then logged into the FortiSOAR UI. You will be able to perform actions in FortiSOAR based on the roles you have been assigned, i.e., a 'Full Access' user or a 'Limited Access' user.

You can also access the FortiSOAR Cloud console from the FortiCloud portal. If you are logging into the console for the first time, you must enter the default SSH credentials, which are csadmin/<your account_id>. After you successfully log into the console, you will be asked to change the default SSH password. You will then be asked to log in again using the updated credentials, after which you will be presented with the EULA acceptance page. Once the EULA is accepted, you can start to use the FortiSOAR console.

For information on FortiSOAR features and how to use and configure them, see the FortiSOAR Documentation Library.

Also, by default, the SOAR Framework Solution Pack (SP) is installed. The SOAR Framework SP is the foundational Solution Pack that creates the framework, including modules, dashboard, roles, widgets, etc., required for effective day-to-day operations of any SOC. From release 7.2.0, the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms, are not part of the FortiSOAR Cloud platform, making it essential for users to install the SOAR Framework SP to optimally use and experience FortiSOAR Cloud’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.

Note

From release 7.2.0 onwards, the SOAR Framework Solution Pack is installed by default with fresh installations of FortiSOAR Cloud.

Secure Message Exchange

The FortiSOAR Cloud instance contains an embedded FortiSOAR Secure Message Exchange (SME). A secure message exchange establishes a secure channel that is used to relay information to external agents or dedicated tenant nodes. The address of the embedded SME is set as the Cloud portal address, and the SME runs on port 5671.

Cloud App Menu

FortiSOAR displays a Cloud App Menu for users logging in through the Cloud portal. The Cloud App Menu is displayed in the FortiSOAR top bar and can be used to access other cloud applications such as FortiEDR, FortiCare, etc.

Whenever you click on another cloud app, such as FortiAnalyzer, you will be redirected to the cloud portal of that app and you will be logged out of FortiSOAR and the FortiSOAR Cloud Portal. Clicking the Logout button also logs you out of both FortiSOAR and FortiSOAR Cloud Portal.

From release 7.2.1 onwards, a user profile icon is added to the top bar so that users who do not have access to the 'Security' module can edit their profile to set the theme for FortiSOAR, as well as email notification options.

To edit your user preferences, click the User Profile icon to display the User Profile dialog. On the User Profile dialog, in the Notifications section, select whether you want to be notified on your email account for system notifications and @mentions in the comments. In the Themes Settings section, select the FortiSOAR theme you want to use; you can choose between Dark, Light, and Space, with Space being the default. Once you have completed updating your profile, click Save on the User Profile dialog.

List of logs that can be used for debugging FortiSOAR Cloud

Administrators can use various logs that FortiSOAR generates to troubleshoot FortiSOAR Cloud issues:

Log Name | Purpose
/var/log/cyops/install/config-vm-<time-stamp-here>.log | Used for troubleshooting issues that occur while configuring the VM.
/var/log/cyops/fcloud/ | Used for troubleshooting issues related to other cloud-related apps.
/var/log/cyops/csadm/secure-message-exchange.log | Used for troubleshooting issues related to the secure message exchange.
