About the connector
Forcepoint Websense provides real-time content scanning and Web site classification to protect network computers from malicious Web content while controlling employee access to dynamic, user-generated Web 2.0 content.
This document provides information about the Forcepoint Websense Connector, which facilitates automated interactions, with your Forcepoint Websense server using FortiSOAR™ playbooks. Add the Forcepoint Websense connector, as a step in FortiSOAR™ playbooks and perform automated operations such as creating or deleting API-managed categories or updating API-managed categories on Forcepoint Websense, or retrieving a list of all categories or API-managed categories from Forcepoint Websense.
Version information
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
Installing the connector
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-forcepoint-websense
For the detailed procedure to install a connector, click here
Prerequisites to configuring the connector
- You must have the URL of Forcepoint Websense server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here
Configuration parameters
In FortiSOAR™, on the connectors page, select the Forcepoint Websense connector row, and in the Configure tab enter the required configuration details.
| Parameter |
Description |
| Server Address |
IP address or FQDN of the Forcepoint Websense server to which you will connect and perform the automated operations. |
| Username |
Username used to access the Forcepoint Websense server to which you will connect and perform the automated operations. |
| Password |
Password used to access the Forcepoint Websense server to which you will connect and perform the automated operations. |
| Protocol |
Protocol that will be used to communicate with the Forcepoint Websense server. Choose either http and https.
By default, this is set to https. |
| Port |
Port number used for connecting to the Forcepoint Websense server.
Defaults to 15873 for the https protocol. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Create API-managed Category |
Creates an API-managed category as a container for URLs and IP addresses in Forcepoint Websense based on the category name, parent category ID, and other input parameters you have specified. |
add_category
Containment |
| Get API-managed Category Details |
Retrieves a list of all URLs and IP addresses from Forcepoint Websense based on the API-managed category name of ID you have specified. |
get_category_details
Investigation |
| Get All Categories |
Retrieves a list of all categories or API-managed categories from Forcepoint Websense. |
list_categories
Investigation |
| Update API-managed Category |
Updates, i.e., adds URLs or IP addresses, to an existing API-managed category in Forcepoint Websense based on the category name or category ID you have specified. |
update_category
Containment |
| Delete URLs and IP addresses |
Deletes custom URLs or IP addresses, from an existing API-managed category in Forcepoint Websense based on the category name or category ID you have specified. |
delete_address_from_category
Remediation
|
| Delete API-managed Categories |
Deletes an existing API-managed category from Forcepoint Websense based on the category name or category ID you have specified. |
delete_categories
Remediation
|
operation: Create API-managed Category
Input parameters
| Parameter |
Description |
| Category Name |
Name of the category that you want to create in Forcepoint Websense.
Note: The category name that you specify must be unique. |
| Parent Category ID |
ID of the parent category in which you want to create this category.
Note: By default, the parent category is assigned the value of 0. |
| Category Description |
(Optional) Description of the category that you want to create in Forcepoint Websense. |
| URLs |
Comma-separated list of URLs that you want to add to this category.
Note: You must specify either a list of URLs or a list of IP addresses. |
| IP Addresses |
Comma-separated list of IP addresses or the range of IP addresses that you want to add to this category.
Note: You must specify either a list of URLs or a list of IP addresses. |
Output
The output contains the following populated JSON schema:
{
"status": "",
"result": {
"Categories": [
{
"Totals": {
"Added IPs": "",
"Added URLs": ""
},
"ID": "",
"Name": ""
}
]
}
}
operation: Get API-managed Category Details
Input parameters
| Parameter |
Description |
| Refer By |
Choose either Category Name or Category ID to specify how you want to reference the category whose list of all URLs and IP addresses you want to retrieve from Forcepoint Websense. |
| Category Value |
Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) whose list of all URLs and IP addresses you want to retrieve from Forcepoint Websense. |
Output
The output contains the following populated JSON schema:
{
"Category Name": "",
"URLs": [],
"IPs": [],
"Category ID": ""
}
operation: Get All Categories
Input parameters
| Parameter |
Description |
| Only API-managed Category |
Select this option, i.e., set it to True (default) to retrieve the list of all API-managed categories from Forcepoint Websense.
Clear this option, i.e., set to False to retrieve a list of all categories (including Forcepoint-defined Master Database categories) from Forcepoint Websense. |
Output
The output contains the following populated JSON schema:
{
"Categories": [
{
"Category Name": "",
"Category Hierarchy": "",
"Category Owner": "",
"Category ID": "",
"Children": [
{
"Category Name": "",
"Category Hierarchy": "",
"Category Description": "",
"Category Owner": "",
"Category ID": ""
}
],
"Category Description": ""
}
]
}
operation: Update API-managed Category
Input parameters
| Parameter |
Description |
| Refer By |
Choose either Category Name or Category ID to specify how you want to reference the category that you want to update on Forcepoint Websense. |
| Category Value |
Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) that you want to update on Forcepoint Websense. |
| URLs |
Comma-separated list of URLs that you want to add to the specified category.
Note: You must specify either a list of URLs or a list of IP addresses. |
| IP Addresses |
Comma-separated list of IP addresses or the range of IP addresses that you to add to the specified category.
Note: You must specify either a list of URLs or a list of IP addresses. |
Output
The output contains the following populated JSON schema:
{
"Categories": [
{
"Totals": {
"Added IPs": "",
"Added URLs": ""
},
"ID": "",
"Name": ""
}
]
}
operation: Delete URLs and IP addresses
Input parameters
| Parameter |
Description |
| Refer By |
Choose either Category Name or Category ID to specify how you want to reference the category whose custom URLs or IP addresses you want to delete from Forcepoint Websense. |
| Category Value |
Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) whose custom URLs or IP addresses you want to delete from Forcepoint Websense. |
| URLs |
Comma-separated list of URLs that you want to delete from the specified category.
Note: You must specify either a list of URLs or a list of IP addresses. |
| IP Addresses |
Comma-separated list of IP addresses or the range of IP addresses that you to delete from the specified category.
Note: You must specify either a list of URLs or a list of IP addresses. |
Output
The output contains the following populated JSON schema:
{
"Category Name": "",
"Deleted": {
"Deleted URLs": "",
"Deleted IPs": ""
},
"Category ID": ""
}
operation: Delete API-managed Categories
Input parameters
| Parameter |
Description |
| Refer By |
Choose either Category Name or Category ID to specify how you want to reference the category that you want to delete from Forcepoint Websense. |
| Category Value |
Value of the Category Name or Category ID (based on what you have selected from the Refer By drop-down list) that you want to delete from Forcepoint Websense. |
Output
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
Included playbooks
The Sample - Forcepoint Websense - 1.0.0 playbook collection comes bundled with the Forcepoint Websense connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Forcepoint Websense connector.
- Create API-managed Category
- Delete API-managed Categories
- Delete URLs and IP addresses
- Get All Categories
- Get API-managed Category Details
- Update API-managed Category
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
