Fortinet Document Library

Version:


Table of Contents

CloudPassage Halo

1.0.0
Copy Link

About the connector

CloudPassage Halo is a security solution providing everything you need to automate basic and advanced security for your EC2 AMIs.

This document provides information about the CloudPassage Halo connector, which facilitates automated interactions with CloudPassage Halo using FortiSOAR™ playbooks. Add the CloudPassage Halo connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list if all active Halo-protected servers and a list of all local user accounts.

Version information

Connector Version: 1.0.0

Authored By: Fortinet.

Certified: No

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-cloudpassage-halo

For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
List Server Retrieves a list if all active Halo-protected servers. list_servers
Investigation
Get System Information Retrieves information about a system that you have specified using the Server ID from CloudPassage Halo. get_system_info
Investigation
List Server Processes Retrieves a list of processes running on a server that you have specified using the Server ID from CloudPassage Halo. list_server_processes
Investigation
List All Local User Accounts Retrieves a list of all local user accounts from CloudPassage Halo. list_users
Investigation
Get Local User Account Details Retrieves detailed information (both core account and account details fields) for the server account specified by username from CloudPassage Halo. get_user
Investigation
List Server Vulnerabilities Retrieves the vulnerability scan result of the server that you have specified using the Server ID from CloudPassage Halo. list_vulnerabilities
Investigation
Get CVE Details Retrieves the the details of the Common Vulnerability and Exposure, based in the CVE you have specified, from CloudPassage Halo. get_cve_details
Investigation

 

Included playbooks

The Sample - CloudPassage-Halo - 1.0.0 playbook collection comes bundled with the CloudPassage Halo connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CloudPassage Halo connector.

 

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

CloudPassage Halo is a security solution providing everything you need to automate basic and advanced security for your EC2 AMIs.

This document provides information about the CloudPassage Halo connector, which facilitates automated interactions with CloudPassage Halo using FortiSOAR™ playbooks. Add the CloudPassage Halo connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list if all active Halo-protected servers and a list of all local user accounts.

Version information

Connector Version: 1.0.0

Authored By: Fortinet.

Certified: No

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-cloudpassage-halo

For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
List Server Retrieves a list if all active Halo-protected servers. list_servers
Investigation
Get System Information Retrieves information about a system that you have specified using the Server ID from CloudPassage Halo. get_system_info
Investigation
List Server Processes Retrieves a list of processes running on a server that you have specified using the Server ID from CloudPassage Halo. list_server_processes
Investigation
List All Local User Accounts Retrieves a list of all local user accounts from CloudPassage Halo. list_users
Investigation
Get Local User Account Details Retrieves detailed information (both core account and account details fields) for the server account specified by username from CloudPassage Halo. get_user
Investigation
List Server Vulnerabilities Retrieves the vulnerability scan result of the server that you have specified using the Server ID from CloudPassage Halo. list_vulnerabilities
Investigation
Get CVE Details Retrieves the the details of the Common Vulnerability and Exposure, based in the CVE you have specified, from CloudPassage Halo. get_cve_details
Investigation

 

Included playbooks

The Sample - CloudPassage-Halo - 1.0.0 playbook collection comes bundled with the CloudPassage Halo connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CloudPassage Halo connector.

 

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.