Fortinet black logo

CRITs

Home FortiSOAR Connectors CRITs

CRITs v1.0.0

1.0.0
1.0.0
Copy Link
Copy Doc ID 06347759-3f5a-4bfc-8742-078eda63f885:1

About the connector

Collaborative Research Into Threats (CRITs) is an open source malware and threat repository

This document provides information about the CRITs connector, which facilitates automated interactions with CRITs using FortiSOAR™ playbooks. Add the CRITs connector as a step in FortiSOAR™ playbooks and perform automated operations, such as running a query on a CRITs device and retrieving resource details from CRITs.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-crits

For the detailed procedure to install a connector, click here.

Configuring the connector

For the procedure to configure a connector, click here.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Create Resource Creates a specified resource on CRITs create_resource
Investigation
Run Query Runs a specified query on a CRITs device. run_query
Investigation
Get Resource Details Retrieves resource details from CRITs, based on the input parameters you have specified. get_resource
Investigation
Update Resource Updates an existing specified resource in CRITs, based on the input parameters you have specified. update_resource
Investigation

Included playbooks

The Sample - CRITs - 1.0.0 playbook collection comes bundled with the CRITs connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CRITs connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

Collaborative Research Into Threats (CRITs) is an open source malware and threat repository

This document provides information about the CRITs connector, which facilitates automated interactions with CRITs using FortiSOAR™ playbooks. Add the CRITs connector as a step in FortiSOAR™ playbooks and perform automated operations, such as running a query on a CRITs device and retrieving resource details from CRITs.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-crits

For the detailed procedure to install a connector, click here.

Configuring the connector

For the procedure to configure a connector, click here.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Create Resource Creates a specified resource on CRITs create_resource
Investigation
Run Query Runs a specified query on a CRITs device. run_query
Investigation
Get Resource Details Retrieves resource details from CRITs, based on the input parameters you have specified. get_resource
Investigation
Update Resource Updates an existing specified resource in CRITs, based on the input parameters you have specified. update_resource
Investigation

Included playbooks

The Sample - CRITs - 1.0.0 playbook collection comes bundled with the CRITs connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CRITs connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next