About the connector

Amazon Athena is a service that uses ANSI-standard SQL to query data directly in Amazon Simple Storage Service (Amazon S3). This makes it easy to analyze big data in S3 without moving it elsewhere.

This document provides information about the AWS Athena connector, which facilitates automated interactions with AWS Athena using FortiSOAR™ playbooks. Add the AWS Athena connector as a step in FortiSOAR™ playbooks to automate AWS Athena queries.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-aws-athena

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the AWS region of your account to access the AWS services.
  • You must have a user's AWS Access Key ID and Secret Key to access the AWS services. 
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the AWS Athena connector and click Configure to configure the following parameters:

| Parameter | Description |
|---|---|
| Region | AWS region of your account to access the AWS services. |
| Access Key | User's AWS Access Key ID to access AWS services. |
| Secret Key | User's AWS Secret key to access AWS services. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from CyOPs™ release 4.10.0 and onwards:

| Function | Description | Annotation and Category |
|---|---|---|
| Run Athena Query | Runs a database query. | run_athena_query, Investigation |

operation: Run Athena Query

Input parameters

| Parameter | Description |
|---|---|
| Query | Database query to run. |
| Location | Location in S3 where the results should be stored. |
| Encryption | Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE-S3), server-side encryption with KMS-managed keys (SSE-KMS), or client-side encryption with KMS-managed keys (CSE-KMS) is used. |
| Database Name | Name of the Athena database in which to run the query. |
| Max Tries | Maximum number of attempts to fetch the results of the query. By default, this is set to 60. |

Output

The output contains the following populated JSON schema:
{
     "response": {
         "result": {
             "ResultSet": {
                 "Rows": [
                     {
                         "Data": [
                             {
                                 "VarCharValue": ""
                             }
                         ]
                     }
                 ],
                 "ResultSetMetadata": {
                     "ColumnInfo": [
                         {
                             "Scale": 123,
                             "Type": "",
                             "CaseSensitive": "",
                             "Precision": 123,
                             "Name": "",
                             "TableName": "",
                             "SchemaName": "",
                             "CatalogName": "",
                             "Label": "",
                             "Nullable": ""
                         }
                     ]
                 }
             },
             "NextToken": ""
         },
         "error": ""
     },
     "error_message": "",
     "error": ""
}
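
The following is an added example, not part of the connector or its sample playbooks. It flattens output of the shape above into one record per row and fails loudly when any error field is populated. The sample data, the column names, and the function name rows_to_records are constructed for illustration. It assumes the connector passes Athena's result rows through unchanged, so the first row of a SELECT result repeats the column names and a NULL cell arrives without a VarCharValue key.

```python
# Added example: flatten the "Run Athena Query" output into records.
# SAMPLE_OUTPUT is constructed for illustration; names and values are made up.

SAMPLE_OUTPUT = {
    "response": {
        "result": {
            "ResultSet": {
                "Rows": [
                    {"Data": [{"VarCharValue": "sourceip"}, {"VarCharValue": "hits"}]},
                    {"Data": [{"VarCharValue": "192.0.2.10"}, {"VarCharValue": "42"}]},
                    {"Data": [{"VarCharValue": "198.51.100.7"}, {}]},  # {} = NULL cell
                ],
                "ResultSetMetadata": {
                    "ColumnInfo": [
                        {"Name": "sourceip", "Type": "varchar"},
                        {"Name": "hits", "Type": "bigint"},
                    ]
                },
            },
            "NextToken": "",
        },
        "error": "",
    },
    "error_message": "",
    "error": "",
}


def rows_to_records(output):
    """Return (records, next_token); raise if any error field is populated."""
    response = output.get("response") or {}
    for err in (output.get("error"), output.get("error_message"), response.get("error")):
        if err:
            raise RuntimeError(f"Athena query failed: {err}")
    result = response.get("result") or {}
    result_set = result.get("ResultSet") or {}
    columns = [c["Name"] for c in result_set.get("ResultSetMetadata", {}).get("ColumnInfo", [])]
    records = []
    for index, row in enumerate(result_set.get("Rows", [])):
        # A cell without VarCharValue is a NULL; keep it as None, not "".
        values = [cell.get("VarCharValue") for cell in row.get("Data", [])]
        if index == 0 and values == columns:
            continue  # assumed: first row of a SELECT result repeats the column names
        records.append(dict(zip(columns, values)))
    return records, result.get("NextToken") or None
```

All values come back as strings regardless of the column Type, so convert them before comparing numbers or timestamps. A non-empty NextToken means the result set is incomplete.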

Included playbooks

The Sample - AWS Athena - 1.0.0 playbook collection comes bundled with the AWS Athena connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS Athena connector.

  • Run Athena Query

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
