This integration offers support capabilities for the AI bot that serves as your assistant and advisor for security automation and investigation.
This connector provides real utility only when used together with the 'Fortinet Advisor' solution pack. You must install both the connector and the solution pack to take advantage of the generative AI capabilities of the AI bot. For more information, see the Fortinet Advisor solution pack documentation.
Version information
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.4.3
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:

```
yum install cyops-connector-aiassistant-utils
```
NOTE: You do not need to configure this connector; it is ready for usage.
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:
| Function | Description | Annotation | Category |
|---|---|---|---|
| Find Similar Documents | Identifies documents in the training database that match the user query; you can use these matches to automate the specified task. | get_similar_documents | Investigation |
| Refresh Training Data | Fine-tunes the playbook steps model using data from your own playbook collections. | refresh_collection | Investigation |
| Generate Playbook Steps Prompt | Creates a simple input prompt that can be used to build playbook steps and examples based on the samples, task, and other inputs you have specified. | generate_steps_prompt | Utilities |
| Generate Flowchart Prompt | Creates a simple input prompt that can be used to generate the playbook's YML with examples according to the workflow or instructions you have specified. | generate_flowchart_prompt | Utilities |
| Utility to connect steps into a Playbook Block | Connects the JSONs of the specified playbook steps into a playbook block. | generate_playbook_block | Utilities |
Find Similar Documents: input parameters

| Parameter | Description |
|---|---|
| Task | Specify the name of the task that you want to automate. For example, enter "Enrich IP using VirusTotal" if you want to enrich an IP address using VirusTotal. |
| Whether its a decision step, user input or another action | Select the type of task (step) that you want to automate. You can choose between Action, Decision, Input, or Trigger. |
| Number of matches | Specify the maximum number of matches that you want this operation to return. By default, this is set to 10. |
The output contains the following populated JSON schema:
```json
{
  "status": 0,
  "message": [
    {
      "matching step key": "matching step value"
    }
  ]
}
```
Refresh Training Data: input parameters

| Parameter | Description |
|---|---|
| Export File IRI | Specify the IRI of the export template, in the '/api/3/files/' format, that contains the playbook collections data to be used for refreshing your training data. |
The output contains the following populated JSON schema:
```json
{
  "status": 0,
  "message": "Refreshed training data"
}
```
Generate Playbook Steps Prompt: input parameters

| Parameter | Description |
|---|---|
| Samples | Specify the list of examples, in JSON format, from which you want to generate the playbook steps prompt. |
| Task | Specify the name of the task that you want to automate. For example, enter "Enrich IP using VirusTotal" if you want to enrich an IP address using VirusTotal. |
| Previous Steps | Specify the outputs of the previous steps in JSON format. The output from the previous steps can be used as input for the playbook steps you want to create. |
The output contains a text response with the prompt.
Generate Flowchart Prompt: input parameters

| Parameter | Description |
|---|---|
| Instructions | Specify the workflow you want to automate. For example, "Extract IPs from the Alert Description. Enrich the IPs using VirusTotal. If any of them are malicious, raise the severity of the alert to 'Critical'." |
| Provide the prompt in the form of a conversation | Select this option if you want the prompt to be an array of conversations (default). Clear this option if you want the prompt to be a single input. |
The output contains a text response with the prompt.
Utility to connect steps into a Playbook Block: input parameters

| Parameter | Description |
|---|---|
| List of steps | Specify the list of steps, in JSON format, that you want to group together to create a playbook block. |
The output contains the following populated JSON schema:
```json
{
  "steps": [
    {
      "top": 40,
      "left": 120,
      "name": "On Create of Alert",
      "uuid": "47826503-681f-4f46-9815-741f8d2f41db",
      "group": "/api/3/workflow_groups/dfe695e9-affc-460d-b2bc-9aa6e8ed4094",
      "stepType": {
        "id": 31,
        "@id": "/api/3/workflow_step_types/ea155646-3821-4542-9702-b246da430a8d",
        "icon": "icon icon-on-create",
        "name": "cybersponse.post_create",
        "uuid": "ea155646-3821-4542-9702-b246da430a8d",
        "@type": "WorkflowStepType",
        "index": 120,
        "parent": "/api/3/workflow_step_types/b348f017-9a94-471f-87f8-ce88b6a7ad62",
        "widget": null,
        "visible": true,
        "arguments": [],
        "background": "#e1e815",
        "collection": "/api/3/step_type_collections/51627f80-3dd5-4260-b86d-cc53a7cece15",
        "deprecated": false,
        "description": "Triggered on the creation of records that match the specified criteria.",
        "displayName": "On Create"
      },
      "arguments": {
        "resource": "alerts",
        "resources": [
          "alerts"
        ],
        "step_variables": {
          "input": {
            "params": [],
            "records": [
              "{{vars.input.records[0]}}"
            ]
          }
        },
        "fieldbasedtrigger": {
          "sort": [],
          "limit": 30,
          "logic": "AND",
          "filters": [
            {
              "type": "object",
              "field": "type",
              "value": "/api/3/picklists/0b3ef6f9-eb29-4ab9-ac98-98364bd1a3aa",
              "_value": {
                "@id": "/api/3/picklists/0b3ef6f9-eb29-4ab9-ac98-98364bd1a3aa",
                "display": "Phishing",
                "itemValue": "Phishing"
              },
              "operator": "eq"
            }
          ]
        }
      }
    },
    {
      "top": 160,
      "left": 120,
      "name": "Add Comment Saying Hello",
      "uuid": "1e809344-e3a6-4995-90c3-03f1afe5eb6c",
      "group": "/api/3/workflow_groups/dfe695e9-affc-460d-b2bc-9aa6e8ed4094",
      "stepType": {
        "id": 42,
        "@id": "/api/3/workflow_step_types/2597053c-e718-44b4-8394-4d40fe26d357",
        "icon": "icon icon-create-record",
        "name": "InsertData",
        "uuid": "2597053c-e718-44b4-8394-4d40fe26d357",
        "@type": "WorkflowStepType",
        "index": 110,
        "parent": "/api/3/workflow_step_types/74932bdc-b8b6-4d24-88c4-1a4dfbc524f3",
        "widget": null,
        "visible": true,
        "arguments": {
          "script": "/wf/workflow/tasks/insert_data"
        },
        "background": "#f7ac20",
        "collection": "/api/3/step_type_collections/c04ab14a-669e-4502-92a3-3beef3cf6219",
        "deprecated": false,
        "description": null,
        "displayName": "Create Record"
      },
      "arguments": {
        "resource": {
          "alerts": "{{vars.input.records[0][\"@id\"]') }}",
          "content": "Hello"
        },
        "_showJson": false,
        "operation": "Overwrite",
        "collection": "/api/3/comments",
        "fieldOperation": {
          "recordTags": "Overwrite"
        },
        "step_variables": []
      }
    }
  ],
  "groups": [
    {
      "@id": "/api/3/workflow_groups/dfe695e9-affc-460d-b2bc-9aa6e8ed4094",
      "top": "25",
      "left": "750",
      "name": "AI Generated Block. Needs Review.",
      "type": "block",
      "uuid": "dfe695e9-affc-460d-b2bc-9aa6e8ed4094",
      "@type": "WorkflowGroup",
      "width": "500",
      "height": "280",
      "metadata": [],
      "reusable": false,
      "hideInLogs": false,
      "recordTags": [],
      "description": "AI Generated Block. Needs Review.",
      "isCollapsed": false,
      "hasTriggerStep": false
    }
  ],
  "routes": [
    {
      "name": "On Create of Alert -> Add Comment Saying Hello",
      "uuid": "6028730b-faa5-4f11-8531-d3bd86e2e237",
      "@type": "WorkflowRoute",
      "group": "/api/3/workflow_groups/dfe695e9-affc-460d-b2bc-9aa6e8ed4094",
      "sourceStep": {
        "uuid": "47826503-681f-4f46-9815-741f8d2f41db"
      },
      "targetStep": {
        "uuid": "1e809344-e3a6-4995-90c3-03f1afe5eb6c"
      }
    }
  ],
  "connectors_not_installed": []
}
```
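The generated block is labelled "AI Generated Block. Needs Review.", so a structural check before importing it is worthwhile. The following is an added example, not part of the connector or the Fortinet documentation: the function names are hypothetical, the input is the sample above trimmed to the fields that are checked, and the second route is constructed to show a dangling reference. It flags routes that point at steps missing from the block, entries in connectors_not_installed, and template expressions with unmatched brackets or quotes, such as the unmatched `')` in the sample's second step.

```python
import json
import re

# Constructed input: sample block above, trimmed; the second route is constructed (dangling target).
BLOCK = json.loads(r"""
{"steps": [
 {"name": "On Create of Alert", "uuid": "47826503-681f-4f46-9815-741f8d2f41db",
  "arguments": {"records": ["{{vars.input.records[0]}}"]}},
 {"name": "Add Comment Saying Hello", "uuid": "1e809344-e3a6-4995-90c3-03f1afe5eb6c",
  "arguments": {"resource": {"alerts": "{{vars.input.records[0][\"@id\"]') }}"}}}],
"routes": [
 {"name": "On Create of Alert -> Add Comment Saying Hello",
  "sourceStep": {"uuid": "47826503-681f-4f46-9815-741f8d2f41db"},
  "targetStep": {"uuid": "1e809344-e3a6-4995-90c3-03f1afe5eb6c"}},
 {"name": "constructed dangling route",
  "sourceStep": {"uuid": "1e809344-e3a6-4995-90c3-03f1afe5eb6c"},
  "targetStep": {"uuid": "00000000-0000-0000-0000-000000000000"}}],
"connectors_not_installed": []}
""")

def strings(node):
    """Yield every string nested anywhere in a JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def unbalanced(expr):
    """Heuristic, not a Jinja parser: mismatched brackets or odd quote counts."""
    pairs = any(expr.count(a) != expr.count(b) for a, b in ("()", "[]", "{}"))
    return pairs or expr.count("'") % 2 == 1 or expr.count('"') % 2 == 1

def review_block(block):
    """Return review findings for a generate_playbook_block result."""
    findings = []
    steps = block.get("steps", [])
    step_ids = {s["uuid"] for s in steps}
    for s in steps:
        for text in strings(s.get("arguments", {})):
            for expr in re.findall(r"\{\{(.*?)\}\}", text):
                if unbalanced(expr):
                    findings.append(f"step {s['name']!r}: malformed expression")
    for r in block.get("routes", []):
        for end in ("sourceStep", "targetStep"):
            if r.get(end, {}).get("uuid") not in step_ids:
                findings.append(f"route {r['name']!r}: {end} not in block")
    findings += [f"connector not installed: {c}" for c in block.get("connectors_not_installed", [])]
    return findings
```

An empty list from `review_block` means only that these structural checks passed; the step arguments still need a human read before the block is used.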
The Sample - AI Assistant Utils - 1.0.0 playbook collection comes bundled with the AI Assistant Utils connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AI Assistant Utils connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets overwritten during the connector upgrade and gets deleted during connector uninstall.