Foresight is a real-time analytics platform that correlates data from multiple sources, enabling discovery and valuable insights about the end-to-end network.
This document provides information about the Foresight connector, which facilitates automated interactions with the Foresight server and API using FortiSOAR™ playbooks. Add the Foresight connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating or updating a ticket in Foresight or searching for tickets in Foresight.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 5.0.0-866
Authored By: Fortinet
Certified: Yes
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
```
yum install cyops-connector-foresight
```
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Foresight connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server Address | FQDN of the Foresight server to which you will connect and perform automated operations. |
API Key | API key configured for your account for using the Foresight API. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Ticket | Creates a ticket in Foresight based on the ticket name, description, type, and other input parameters you have specified. | create_ticket Investigation |
Search Ticket | Searches for all tickets or specific tickets in Foresight, based on the filter criteria such as the ticket ID, ticket severity, or other input parameters that you have specified. | search_ticket Investigation |
Update Ticket | Updates a ticket in Foresight based on the ticket ID, severity, and other input parameters you have specified. | update_ticket Investigation |
Parameter | Description |
---|---|
Ticket name | Name or title of the ticket that you want to create in Foresight. |
Ticket Description | Description of the ticket that you want to create in Foresight. Note: The ticket description field supports alphanumeric characters and has a maximum limit of 2000 characters. |
Ticket Type | Type, which mainly represents the module or entity of the ticket that you want to create in Foresight. |
Ticket Category | Category, which provides further bifurcation and is independent of the ticket type, of the ticket that you want to create in Foresight. |
Ticket Sub Category | Subcategory, which is dependent on the category you have specified, of the ticket that you want to create in Foresight. |
Ticket Severity | Severity of the ticket that you want to create in Foresight. You can choose from the following options: Critical, High, Medium, or Low. |
Ticket Domain | Domain of the ticket that you want to create in Foresight. |
Ticket SubDomain | Subdomain of the ticket that you want to create in Foresight. |
Event Date | Date when the event occurred that resulted in this ticket being raised. |
Service Type | Type of service of the ticket that you want to create in Foresight. |
Assignment Type | Type of assignment of the ticket that you want to create in Foresight. |
Ticket Priority | (Optional) Priority of the ticket that you want to create in Foresight. You can choose from the following options: High, Medium, or Low. |
External Link | (Optional) External link associated with the ticket that you want to create in Foresight. |
The output contains the following populated JSON schema:
```json
{
    "assigneeType": "",
    "externalLink": "",
    "category": "",
    "status": "",
    "priority": "",
    "createdTime": "",
    "eventDate": "",
    "subDomain": "",
    "name": "",
    "domain": "",
    "severity": "",
    "modifiedTime": "",
    "type": "",
    "serviceType": "",
    "ticketId": "",
    "subCategory": "",
    "description": ""
}
```
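The documented Create Ticket constraints (severity and priority choices, the 2000-character description limit) can be checked in a playbook step before the connector is called. The following is an added example, not part of the connector or of Fortinet's code. It assumes that inputs use the same keys as the output JSON schema, that fields not marked "(Optional)" are required, and that "alphanumeric" also permits whitespace and basic punctuation; the function name and sample values are hypothetical.

```python
import re

# Values below are copied from the Create Ticket parameter table.
SEVERITIES = {"Critical", "High", "Medium", "Low"}
PRIORITIES = {"High", "Medium", "Low"}
MAX_DESCRIPTION = 2000
# Assumption: input keys mirror the output JSON schema; fields not marked
# "(Optional)" in the table (priority, externalLink) are treated as required.
REQUIRED = ("name", "description", "type", "category", "subCategory",
            "severity", "domain", "subDomain", "eventDate", "serviceType",
            "assigneeType")
# Assumption: "alphanumeric" also permits whitespace and basic punctuation.
DESCRIPTION_OK = re.compile(r"[A-Za-z0-9\s.,:;()_/-]*")


def validate_create_ticket(params):
    """Return a list of problems; an empty list means the input passes."""
    problems = []
    for key in REQUIRED:
        if not str(params.get(key) or "").strip():
            problems.append("missing required field: " + key)
    severity = params.get("severity")
    if severity and severity not in SEVERITIES:
        problems.append("invalid severity: " + str(severity))
    priority = params.get("priority")
    if priority and priority not in PRIORITIES:
        problems.append("invalid priority: " + str(priority))
    description = str(params.get("description") or "")
    if len(description) > MAX_DESCRIPTION:
        problems.append("description longer than 2000 characters")
    if not DESCRIPTION_OK.fullmatch(description):
        problems.append("description has unsupported characters")
    link = params.get("externalLink")
    # Added hardening, not a documented Foresight rule: only web links.
    if link and not re.match(r"https?://", str(link)):
        problems.append("externalLink must be an http(s) URL")
    return problems


# Constructed sample input for illustration.
SAMPLE = {
    "name": "Link flap on core switch", "description": "Port 12 flapping",
    "type": "Network", "category": "Fault", "subCategory": "Interface",
    "severity": "High", "domain": "Core", "subDomain": "Switching",
    "eventDate": "2019-11-05", "serviceType": "Data",
    "assigneeType": "Group", "priority": "Medium",
}
```

Rejecting bad input in the playbook keeps alert-derived text that exceeds the documented limits from reaching the Foresight API.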
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Ticket ID | Unique identifier, which is created based on the category, of the ticket that you want to search for in Foresight. |
Ticket name | Name or title of the ticket that you want to search in Foresight. |
Ticket Severity | Severity of the ticket that you want to search in Foresight. You can choose from the following options: Critical, High, Medium, or Low. |
Ticket Type | Type, which mainly represents the module or entity of the ticket that you want to search in Foresight. |
Ticket Priority | Priority of the ticket that you want to search in Foresight. You can choose from the following options: High, Medium, or Low. |
Ticket Status | Current status of the ticket that you want to search for in Foresight. You can choose from the following options: New, Open, Reopen, Parked, Resolved, Cancelled, or Closed. |
Ticket Category | Category of the ticket that you want to search in Foresight. |
Ticket Sub Category | Subcategory of the ticket that you want to search in Foresight. |
Ticket Domain | Domain of the ticket that you want to search in Foresight. |
Ticket SubDomain | Subdomain of the ticket that you want to search in Foresight. |
Service Type | Service type of the ticket that you want to search in Foresight. |
Assignment Type | Assignment type of the ticket that you want to search in Foresight. |
External Link | External link that is associated with the ticket that you want to search in Foresight. |
The output contains the following populated JSON schema:
```json
{
    "assigneeType": "",
    "externalLink": "",
    "category": "",
    "status": "",
    "priority": "",
    "createdTime": "",
    "eventDate": "",
    "subDomain": "",
    "name": "",
    "domain": "",
    "severity": "",
    "modifiedTime": "",
    "type": "",
    "serviceType": "",
    "ticketId": "",
    "subCategory": "",
    "description": ""
}
```
Parameter | Description |
---|---|
Ticket ID | Unique identifier, which is created based on the category, of the ticket that you want to update in Foresight. |
Ticket Severity | Severity of the ticket that you want to update in Foresight. You can choose from the following options: Low, Medium, High, or Critical. |
Event Date | Date when the event occurred that resulted in this ticket being raised and which you want to update in the ticket in Foresight. |
Ticket Description | Description of the ticket that you want to update in Foresight. Note: The ticket description field supports alphanumeric characters and has a maximum limit of 2000 characters. |
The output contains the following populated JSON schema:
```json
{
    "assigneeType": "",
    "externalLink": "",
    "category": "",
    "status": "",
    "priority": "",
    "createdTime": "",
    "eventDate": "",
    "subDomain": "",
    "name": "",
    "domain": "",
    "severity": "",
    "modifiedTime": "",
    "type": "",
    "serviceType": "",
    "ticketId": "",
    "subCategory": "",
    "description": ""
}
```
The Sample - Foresight - 1.0.0 playbook collection comes bundled with the Foresight connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Foresight connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and deletion.