Collaborative Research Into Threats (CRITs) is an open source malware and threat repository
This document provides information about the CRITs connector, which facilitates automated interactions with CRITs using FortiSOAR™ playbooks. Add the CRITs connector as a step in FortiSOAR™ playbooks and perform automated operations, such as running a query on a CRITs device and retrieving resource details from CRITs.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-crits
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Resource | Creates a specified resource on CRITs | create_resource Investigation |
Run Query | Runs a specified query on a CRITs device. | run_query Investigation |
Get Resource Details | Retrieves resource details from CRITs, based on the input parameters you have specified. | get_resource Investigation |
Update Resource | Updates an existing specified resource in CRITs, based on the input parameters you have specified. | update_resource Investigation |
The Sample - CRITs - 1.0.0
playbook collection comes bundled with the CRITs connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CRITs connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
Collaborative Research Into Threats (CRITs) is an open source malware and threat repository
This document provides information about the CRITs connector, which facilitates automated interactions with CRITs using FortiSOAR™ playbooks. Add the CRITs connector as a step in FortiSOAR™ playbooks and perform automated operations, such as running a query on a CRITs device and retrieving resource details from CRITs.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-crits
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Resource | Creates a specified resource on CRITs | create_resource Investigation |
Run Query | Runs a specified query on a CRITs device. | run_query Investigation |
Get Resource Details | Retrieves resource details from CRITs, based on the input parameters you have specified. | get_resource Investigation |
Update Resource | Updates an existing specified resource in CRITs, based on the input parameters you have specified. | update_resource Investigation |
The Sample - CRITs - 1.0.0
playbook collection comes bundled with the CRITs connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CRITs connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.