CloudPassage Halo is a security solution providing everything you need to automate basic and advanced security for your EC2 AMIs.
This document provides information about the CloudPassage Halo connector, which facilitates automated interactions with CloudPassage Halo using FortiSOAR™ playbooks. Add the CloudPassage Halo connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list if all active Halo-protected servers and a list of all local user accounts.
Connector Version: 1.0.0
Authored By: Fortinet.
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-cloudpassage-halo
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
List Server | Retrieves a list if all active Halo-protected servers. | list_servers Investigation |
Get System Information | Retrieves information about a system that you have specified using the Server ID from CloudPassage Halo. | get_system_info Investigation |
List Server Processes | Retrieves a list of processes running on a server that you have specified using the Server ID from CloudPassage Halo. | list_server_processes Investigation |
List All Local User Accounts | Retrieves a list of all local user accounts from CloudPassage Halo. | list_users Investigation |
Get Local User Account Details | Retrieves detailed information (both core account and account details fields) for the server account specified by username from CloudPassage Halo. | get_user Investigation |
List Server Vulnerabilities | Retrieves the vulnerability scan result of the server that you have specified using the Server ID from CloudPassage Halo. | list_vulnerabilities Investigation |
Get CVE Details | Retrieves the the details of the Common Vulnerability and Exposure, based in the CVE you have specified, from CloudPassage Halo. | get_cve_details Investigation |
The Sample - CloudPassage-Halo - 1.0.0
playbook collection comes bundled with the CloudPassage Halo connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CloudPassage Halo connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
CloudPassage Halo is a security solution providing everything you need to automate basic and advanced security for your EC2 AMIs.
This document provides information about the CloudPassage Halo connector, which facilitates automated interactions with CloudPassage Halo using FortiSOAR™ playbooks. Add the CloudPassage Halo connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list if all active Halo-protected servers and a list of all local user accounts.
Connector Version: 1.0.0
Authored By: Fortinet.
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-cloudpassage-halo
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
List Server | Retrieves a list if all active Halo-protected servers. | list_servers Investigation |
Get System Information | Retrieves information about a system that you have specified using the Server ID from CloudPassage Halo. | get_system_info Investigation |
List Server Processes | Retrieves a list of processes running on a server that you have specified using the Server ID from CloudPassage Halo. | list_server_processes Investigation |
List All Local User Accounts | Retrieves a list of all local user accounts from CloudPassage Halo. | list_users Investigation |
Get Local User Account Details | Retrieves detailed information (both core account and account details fields) for the server account specified by username from CloudPassage Halo. | get_user Investigation |
List Server Vulnerabilities | Retrieves the vulnerability scan result of the server that you have specified using the Server ID from CloudPassage Halo. | list_vulnerabilities Investigation |
Get CVE Details | Retrieves the the details of the Common Vulnerability and Exposure, based in the CVE you have specified, from CloudPassage Halo. | get_cve_details Investigation |
The Sample - CloudPassage-Halo - 1.0.0
playbook collection comes bundled with the CloudPassage Halo connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CloudPassage Halo connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.