Fortinet Document Library

Version:


Table of Contents

Forcepoint Websense

1.0.0
Copy Link

About the connector

Forcepoint Websense provides real-time content scanning and Web site classification to protect network computers from malicious Web content while controlling employee access to dynamic, user-generated Web 2.0 content.

This document provides information about the Forcepoint Websense Connector, which facilitates automated interactions, with your Forcepoint Websense server using FortiSOAR™ playbooks. Add the Forcepoint Websense connector, as a step in FortiSOAR™ playbooks and perform automated operations such as creating or deleting API-managed categories or updating API-managed categories on Forcepoint Websense, or retrieving a list of all categories or API-managed categories from Forcepoint Websense.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-forcepoint-websense

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the URL of Forcepoint Websense server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™  instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the Forcepoint Websense connector row, and in the Configure tab enter the required configuration details.

Parameter Description
Server Address IP address or FQDN of the Forcepoint Websense server to which you will connect and perform the automated operations.
Username Username used to access the Forcepoint Websense server to which you will connect and perform the automated operations.
Password Password used to access the Forcepoint Websense server to which you will connect and perform the automated operations.
Protocol Protocol that will be used to communicate with the Forcepoint Websense server. Choose either http and https.
By default, this is set to https.
Port Port number used for connecting to the Forcepoint Websense server.
Defaults to 15873 for the https protocol.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Create API-managed Category Creates an API-managed category as a container for URLs and IP addresses in Forcepoint Websense based on the category name, parent category ID, and other input parameters you have specified. add_category
Containment
Get API-managed Category Details Retrieves a list of all URLs and IP addresses from Forcepoint Websense based on the API-managed category name of ID you have specified. get_category_details
Investigation
Get All Categories Retrieves a list of all categories or API-managed categories from Forcepoint Websense. list_categories
Investigation
Update API-managed Category Updates, i.e., adds URLs or IP addresses, to an existing API-managed category in Forcepoint Websense based on the category name or category ID you have specified. update_category
Containment
Delete URLs and IP addresses Deletes custom URLs or IP addresses, from an existing API-managed category in Forcepoint Websense based on the category name or category ID you have specified. delete_address_from_category
Remediation
 
Delete API-managed Categories Deletes an existing API-managed category from Forcepoint Websense based on the category name or category ID you have specified. delete_categories
Remediation
 

operation: Create API-managed Category

Input parameters

Parameter Description
Category Name Name of the category that you want to create in Forcepoint Websense.
Note: The category name that you specify must be unique.
Parent Category ID ID of the parent category in which you want to create this category.
Note: By default, the parent category is assigned the value of 0.
Category Description (Optional) Description of the category that you want to create in Forcepoint Websense.
URLs Comma-separated list of URLs that you want to add to this category.
Note: You must specify either a list of URLs or a list of IP addresses.
IP Addresses Comma-separated list of IP addresses or the range of IP addresses that you want to add to this category.
Note: You must specify either a list of URLs or a list of IP addresses.

Output

The output contains the following populated JSON schema:
{
     "status": "",
     "result": {
         "Categories": [
             {
                 "Totals": {
                     "Added IPs": "",
                     "Added URLs": ""
                 },
                 "ID": "",
                 "Name": ""
             }
         ]
     }
}

operation: Get API-managed Category Details

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category whose list of all URLs and IP addresses you want to retrieve from Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) whose list of all URLs and IP addresses you want to retrieve from Forcepoint Websense.

Output

The output contains the following populated JSON schema:
{
     "Category Name": "",
     "URLs": [],
     "IPs": [],
     "Category ID": ""
}

operation: Get All Categories

Input parameters

Parameter Description
Only API-managed Category Select this option, i.e., set it to True (default) to retrieve the list of all API-managed categories from Forcepoint Websense.
Clear this option, i.e., set to False to retrieve a list of all categories (including Forcepoint-defined Master Database categories) from Forcepoint Websense.

Output

The output contains the following populated JSON schema:
{
     "Categories": [
         {
             "Category Name": "",
             "Category Hierarchy": "",
             "Category Owner": "",
             "Category ID": "",
             "Children": [
                 {
                     "Category Name": "",
                     "Category Hierarchy": "",
                     "Category Description": "",
                     "Category Owner": "",
                     "Category ID": ""
                 }
             ],
             "Category Description": ""
         }
     ]
}

operation: Update API-managed Category

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category that you want to update on Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) that you want to update on Forcepoint Websense.
URLs Comma-separated list of URLs that you want to add to the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.
IP Addresses Comma-separated list of IP addresses or the range of IP addresses that you to add to the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.

Output

The output contains the following populated JSON schema:
{
     "Categories": [
         {
             "Totals": {
                 "Added IPs": "",
                 "Added URLs": ""
             },
             "ID": "",
             "Name": ""
         }
     ]
}

operation: Delete URLs and IP addresses

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category whose custom URLs or IP addresses you want to delete from Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) whose custom URLs or IP addresses you want to delete from Forcepoint Websense.
URLs Comma-separated list of URLs that you want to delete from the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.
IP Addresses Comma-separated list of IP addresses or the range of IP addresses that you to delete from the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.

Output

The output contains the following populated JSON schema:
{
     "Category Name": "",
     "Deleted": {
         "Deleted URLs": "",
         "Deleted IPs": ""
     },
     "Category ID": ""
}

operation: Delete API-managed Categories

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category that you want to delete from Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) that you want to delete from Forcepoint Websense.

Output

The output contains the following populated JSON schema:
{
     "status": "",
     "result": ""
}

Included playbooks

The Sample - Forcepoint Websense - 1.0.0 playbook collection comes bundled with the Forcepoint Websense connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Forcepoint Websense connector.

  • Create API-managed Category
  • Delete API-managed Categories
  • Delete URLs and IP addresses
  • Get All Categories
  • Get API-managed Category Details
  • Update API-managed Category

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

Forcepoint Websense provides real-time content scanning and Web site classification to protect network computers from malicious Web content while controlling employee access to dynamic, user-generated Web 2.0 content.

This document provides information about the Forcepoint Websense Connector, which facilitates automated interactions, with your Forcepoint Websense server using FortiSOAR™ playbooks. Add the Forcepoint Websense connector, as a step in FortiSOAR™ playbooks and perform automated operations such as creating or deleting API-managed categories or updating API-managed categories on Forcepoint Websense, or retrieving a list of all categories or API-managed categories from Forcepoint Websense.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-forcepoint-websense

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the Forcepoint Websense connector row, and in the Configure tab enter the required configuration details.

Parameter Description
Server Address IP address or FQDN of the Forcepoint Websense server to which you will connect and perform the automated operations.
Username Username used to access the Forcepoint Websense server to which you will connect and perform the automated operations.
Password Password used to access the Forcepoint Websense server to which you will connect and perform the automated operations.
Protocol Protocol that will be used to communicate with the Forcepoint Websense server. Choose either http and https.
By default, this is set to https.
Port Port number used for connecting to the Forcepoint Websense server.
Defaults to 15873 for the https protocol.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Create API-managed Category Creates an API-managed category as a container for URLs and IP addresses in Forcepoint Websense based on the category name, parent category ID, and other input parameters you have specified. add_category
Containment
Get API-managed Category Details Retrieves a list of all URLs and IP addresses from Forcepoint Websense based on the API-managed category name of ID you have specified. get_category_details
Investigation
Get All Categories Retrieves a list of all categories or API-managed categories from Forcepoint Websense. list_categories
Investigation
Update API-managed Category Updates, i.e., adds URLs or IP addresses, to an existing API-managed category in Forcepoint Websense based on the category name or category ID you have specified. update_category
Containment
Delete URLs and IP addresses Deletes custom URLs or IP addresses, from an existing API-managed category in Forcepoint Websense based on the category name or category ID you have specified. delete_address_from_category
Remediation
 
Delete API-managed Categories Deletes an existing API-managed category from Forcepoint Websense based on the category name or category ID you have specified. delete_categories
Remediation
 

operation: Create API-managed Category

Input parameters

Parameter Description
Category Name Name of the category that you want to create in Forcepoint Websense.
Note: The category name that you specify must be unique.
Parent Category ID ID of the parent category in which you want to create this category.
Note: By default, the parent category is assigned the value of 0.
Category Description (Optional) Description of the category that you want to create in Forcepoint Websense.
URLs Comma-separated list of URLs that you want to add to this category.
Note: You must specify either a list of URLs or a list of IP addresses.
IP Addresses Comma-separated list of IP addresses or the range of IP addresses that you want to add to this category.
Note: You must specify either a list of URLs or a list of IP addresses.

Output

The output contains the following populated JSON schema:
{
     "status": "",
     "result": {
         "Categories": [
             {
                 "Totals": {
                     "Added IPs": "",
                     "Added URLs": ""
                 },
                 "ID": "",
                 "Name": ""
             }
         ]
     }
}

operation: Get API-managed Category Details

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category whose list of all URLs and IP addresses you want to retrieve from Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) whose list of all URLs and IP addresses you want to retrieve from Forcepoint Websense.

Output

The output contains the following populated JSON schema:
{
     "Category Name": "",
     "URLs": [],
     "IPs": [],
     "Category ID": ""
}

operation: Get All Categories

Input parameters

Parameter Description
Only API-managed Category Select this option, i.e., set it to True (default) to retrieve the list of all API-managed categories from Forcepoint Websense.
Clear this option, i.e., set to False to retrieve a list of all categories (including Forcepoint-defined Master Database categories) from Forcepoint Websense.

Output

The output contains the following populated JSON schema:
{
     "Categories": [
         {
             "Category Name": "",
             "Category Hierarchy": "",
             "Category Owner": "",
             "Category ID": "",
             "Children": [
                 {
                     "Category Name": "",
                     "Category Hierarchy": "",
                     "Category Description": "",
                     "Category Owner": "",
                     "Category ID": ""
                 }
             ],
             "Category Description": ""
         }
     ]
}

operation: Update API-managed Category

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category that you want to update on Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) that you want to update on Forcepoint Websense.
URLs Comma-separated list of URLs that you want to add to the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.
IP Addresses Comma-separated list of IP addresses or the range of IP addresses that you to add to the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.

Output

The output contains the following populated JSON schema:
{
     "Categories": [
         {
             "Totals": {
                 "Added IPs": "",
                 "Added URLs": ""
             },
             "ID": "",
             "Name": ""
         }
     ]
}

operation: Delete URLs and IP addresses

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category whose custom URLs or IP addresses you want to delete from Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) whose custom URLs or IP addresses you want to delete from Forcepoint Websense.
URLs Comma-separated list of URLs that you want to delete from the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.
IP Addresses Comma-separated list of IP addresses or the range of IP addresses that you to delete from the specified category.
Note: You must specify either a list of URLs or a list of IP addresses.

Output

The output contains the following populated JSON schema:
{
     "Category Name": "",
     "Deleted": {
         "Deleted URLs": "",
         "Deleted IPs": ""
     },
     "Category ID": ""
}

operation: Delete API-managed Categories

Input parameters

Parameter Description
Refer By Choose either Category Name or Category ID to specify how you want to reference the category that you want to delete from Forcepoint Websense.
Category Value Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) that you want to delete from Forcepoint Websense.

Output

The output contains the following populated JSON schema:
{
     "status": "",
     "result": ""
}

Included playbooks

The Sample - Forcepoint Websense - 1.0.0 playbook collection comes bundled with the Forcepoint Websense connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Forcepoint Websense connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.