FortiSOAR™ Built-in connectors

Overview

FortiSOAR™ provides a number of pre-installed connectors, or built-ins, that you can use as a connector step within FortiSOAR™ playbooks to perform automated operations.

These connectors are bundled and named based on the type of operations they perform. For example, the Database connector contains actions that you can perform on a database, such as querying it. It is easy to extend and enhance these connectors.

Important: Before you upgrade your FortiSOAR™ version, it is highly recommended that you back up the configuration of your FortiSOAR™ Built-in connectors (SSH, IMAP, Database, etc.), since that configuration might be reset if the configuration parameters change across versions.

Apart from the FortiSOAR™ Built-in connectors, Fortinet also provides a number of connectors for popular integrations, such as SIEMs (FortiSIEM, Splunk, etc.) and ticketing systems (such as Jira). You can see a list of published connectors on the FortiSOAR Connectors Documentation site.

FortiSOAR™ version 6.0.0 refactored the output of some operations of some built-in connectors, such as the "Email: Extracts email's metadata from email file" operation of the Utilities connector. As a result, some changes to the output of the Utilities connector are not backward compatible. For example, the body key in the response now returns a dictionary with keys 'json', 'html' instead of an array of these. It is recommended to switch to the new format. However, if you want to retain the old output format, and you have upgraded only the connector version and not your FortiSOAR™ version, then you must do the following:

  1. Append the following in the /opt/cyops-integrations/integrations/configs/config.ini file:
    [connector_configuration]
    extract_email_metadata_legacy: true

    The output of the "Email: Extracts email's metadata from email file" operation is determined by the extract_email_metadata_legacy parameter. If the parameter is set to true, the output is generated in the old format; if it is set to false, the output is generated in the new format.
  2. Add the following at the end of the /opt/cyops-integrations/integrations/integrations/settings.py file:
    APPLICATION_CONFIG = application_config
  3. Restart the uwsgi service using the following command:
    # systemctl restart uwsgi

Important: If you are upgrading to FortiSOAR™ 6.0.0, then you need to perform only steps 1 and 3.
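Step 1 above, written as an added example (not part of the Fortinet documentation): a shell function that sets extract_email_metadata_legacy without creating a second [connector_configuration] section or a duplicate key if the procedure is run more than once, and that keeps a backup of the file first. The function name set_legacy_flag and the .bak suffix are assumptions made for this example; restarting uwsgi (step 3) is left to the operator.

```shell
#!/bin/sh
# Added example: idempotently set extract_email_metadata_legacy in config.ini.
# The default path is the one given in step 1; pass another path to rehearse on a copy.
set_legacy_flag() {
    config="${1:-/opt/cyops-integrations/integrations/configs/config.ini}"
    value="${2:-true}"
    [ -f "$config" ] || { echo "missing: $config" >&2; return 1; }

    # Keep a copy (hypothetical .bak suffix) so the change can be reverted.
    cp -p "$config" "$config.bak" || return 1

    tmp="$config.tmp.$$"
    awk -v val="$value" '
        function emit() { print "extract_email_metadata_legacy: " val; done = 1 }
        /^\[/ {
            # Leaving the target section without having seen the key: add it first.
            if (in_sec && !done) emit()
            in_sec = ($0 ~ /^\[connector_configuration\][ \t]*$/)
            if (in_sec) seen = 1
            print; next
        }
        in_sec && /^[ \t]*extract_email_metadata_legacy[ \t]*[:=]/ {
            if (!done) emit()   # replace the existing line, drop any duplicates
            next
        }
        { print }
        END {
            if (in_sec && !done) emit()
            # Section absent altogether: append it, as step 1 describes.
            if (!seen) { print "[connector_configuration]"; emit() }
        }
    ' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$config" && rm -f "$tmp"
}
```

Run it against a copy of config.ini first and compare the result with the .bak file before touching the live path.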

Configuring the FortiSOAR™ Built-in connectors

To configure FortiSOAR™ Built-in connectors, you must be assigned a role that has a minimum of Update access to the Connectors module.

The process of installing, configuring, and using connectors is described in the Introduction to connectors chapter of the "Connectors Guide", which is part of the FortiSOAR™ documentation. You can also see the Installing a connector and Configuring a connector articles.

Upgrading the FortiSOAR™ Built-in connectors

FortiSOAR™ Built-in connectors are upgraded by default with a FortiSOAR™ upgrade. From version 5.0.0 onwards, if you want to upgrade only the connectors and not FortiSOAR™, use the Content Hub or Connector Store to upgrade your connectors to the latest version. For more information on the Content Hub or Connector Store, see the Introduction to connectors chapter.

Prior to version 5.0.0, you could upgrade a connector on an existing version, i.e., without upgrading FortiSOAR™, by running the following command as a root user:

# yum update cyops-connector-<connector name>

For example, # yum update cyops-connector-cyops-imap

Important: After you upgrade to FortiSOAR™ 6.0.0 and before you reconfigure ingestion for the same connector configuration, you must deactivate the earlier ingestion playbooks that are present in the ingestion collection for the connector. The links to the ingestion playbooks that were created prior to the upgrade will be present on the System Fixtures page in the "Ingestion Playbooks" section and will not be visible in the Data Ingestion tab (new in version 6.0.0) of the "Connectors" page. If your data ingestion is schedule-based, then you must also stop or delete the earlier schedules for the connector.

Built-in connectors

The following built-in connectors are included by default in FortiSOAR™:
