Fortinet FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware and phishing attempts.
This document provides information about the Fortinet FortiMail connector, which facilitates automated interactions, with your Fortinet FortiMail server using FortiSOAR™ playbooks. Add the Fortinet FortiMail connector, as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all domains configured on Fortinet FortiMail and retrieving the sender blacklist and whitelist for session profiles.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.12.1-253
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-fortinet-fortimail
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, select the Fortinet FortiMail connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Server URL | URL of the Fortinet FortiMail server to which you will connect and perform automated operations. |
Username | Username of the Fortinet FortiMail server to which you will connect and perform automated operations. |
Password | Password used to access the Fortinet FortiMail server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Domains Configured | Retrieves a list of all domains configured on Fortinet FortiMail. | get_domains Investigation |
Get AntiSpam Profiles for Domain | Retrieves a list of all AntiSpam Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. | get_antispam_domains Investigation |
Get Recipient Policies for Domain | Retrieves a list of all Recipient Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. | get_recipient_policies Investigation |
Get GreyList | Retrieves the Greylist configured on Fortinet FortiMail. | grey_list Investigation |
Get Auto Exempt GreyList | Retrieves the Auto Exempt Greylist configured on Fortinet FortiMail. | grey_list Investigation |
Get Sender Whitelist For Session Profile | Retrieves a list of sender whitelists from Fortinet FortiMail, based on the profile name you have specified. | get_session_safe_list Investigation |
Get Sender Blacklist for Session Profile | Retrieves a list of sender blacklists from Fortinet FortiMail, based on the profile name you have specified. | get_session_block_list Investigation |
Get Profile Name | Retrieves a list of profile names from Fortinet FortiMail, based on the profile type you have specified. | get_profile_name Investigation |
Update Session Profile | Updates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | update_session_profile Investigation |
Update Antispam Profile | Updates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | update_antispam_profile Investigation |
Create Session Profile | Creates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | create_session_profile Investigation |
Create Antispam Profile | Creates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | create_antispam_profile Investigation |
Delete Session Profile | Deletes a session profile from Fortinet FortiMail, based on the profile name you have specified. | delete_session_profile Investigation |
Delete Antispam Profile | Deletes an antispam profile from Fortinet FortiMail, based on the profile name you have specified. | delete_antispam_profile Investigation |
Get Session Profile Details | Retrieves details of a session profile from Fortinet FortiMail, based on the profile name you have specified. | get_session_profile Investigation |
Get Antispam Profile Details | Retrieves details of an antispam profile from Fortinet FortiMail, based on the profile name you have specified. | get_antispam_profile Investigation |
None.
The output contains the following populated JSON schema:
{
"collection": [
{
"mkey": "",
"is_subdomain": "",
"ip": "",
"recipient_verification": "",
"is_association": "",
"maindomain": "",
"mxflag": "",
"is_service_domain": "",
"port": ""
}
],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Domain | Name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"collection": [
{
"mkey": "",
"minimum_dictionary_score": "",
"isReferenced": "",
"mdomain": "",
"dictionary_type": ""
}
],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Domain | Name of the domain whose associated Recipient Profiles you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"collection": [
{
"antispam": "",
"imap_auth": "",
"pkiauth": "",
"smtp_auth": "",
"comment": "",
"sender_email_address_group": "",
"antivirus": "",
"ldap_auth": "",
"groupmode": "",
"auth": "",
"misc": "",
"mdomain": "",
"sender_type": "",
"ldap_profile": "",
"recipient_pattern": "",
"mkey": "",
"sender_pattern": "",
"status": "",
"content": "",
"recipient_email_address_group": "",
"recipient_domain": "",
"pop3_auth": "",
"sender_domain": "",
"direction": "",
"profile_dlp": "",
"pkiuser": "",
"radius_auth": ""
}
],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
None.
The output contains the following populated JSON schema:
{
"collection": [],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
None.
The output contains the following populated JSON schema:
{
"collection": [],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"totalRemoteCount": "",
"objectID": "",
"collection": [
{
"mkey": ""
}
],
"reqAction": "",
"subCount": "",
"nextPage": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"totalRemoteCount": "",
"objectID": "",
"collection": [
{
"mkey": ""
}
],
"reqAction": "",
"subCount": "",
"nextPage": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Profile Type | Select type of profile based on which you want to retrieve profile names from Fortinet FortiMail. You can choose between Session and Antispam. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Profile Name | Name of the profile that you want to update on Fortinet FortiMail. |
Connection Settings | Select this option to configure connection setting. If you select this option, then you can specify the following parameters:
|
Sender Reputation | Select this option to configure sender reputation. If you select this option, then you can specify the following parameters:
|
Endpoint Reputation | Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
|
Sender Validation | Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
|
Session Settings | Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
|
Lists | Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
|
The output contains the following populated JSON schema:
{
"check_client_ip_quick": "",
"sender_addr_rate_ctrl_state": "",
"disallow_empty_domains": "",
"session_action_msg_type": "",
"bounce_rule": "",
"error_free": "",
"error_initial_delay": "",
"check_mason_effect": "",
"check_helo_domain": "",
"route": "",
"sender_reputation_throttle": "",
"conn_concurrent": "",
"msisdn_sender_reputation_action": "",
"access_control": "",
"sender_reputation_throttle_number": "",
"check_domain_chars": "",
"number_of_messages": "",
"check_recipient_domain": "",
"sender_addr_rate_ctrl_max_recipients": "",
"sender_rewrite": "",
"domainkey": "",
"error_increment": "",
"sender_addr_rate_ctrl_action": "",
"remote_log": "",
"spf": "",
"splice_after": "",
"sender_verification_profile": "",
"limit_RSETs": "",
"msisdn_sender_reputation_blacklist_duration": "",
"mkey": "",
"action": "",
"check_open_relay": "",
"limit_NOOPs": "",
"rewrite_helo_custom": "",
"to_whitelist_enable": "",
"disallow_encrypted": "",
"conn_blacklisted": "",
"block_encrypted": "",
"helo_custom": "",
"error_total": "",
"recipient_rewrite": "",
"sender_reputation_reject": "",
"msisdn_sender_reputation_trigger": "",
"eom_ack": "",
"splice_enable": "",
"dkim": true,
"command_checking": "",
"allow_pipelining": "",
"number_of_recipients": "",
"limit_helos": "",
"bypass_bounce_verify": "",
"limit_emails": "",
"conn_rate_how_many": "",
"conn_idle_timeout": "",
"rewrite": "",
"dkim_signing_authenticated_only": "",
"reqAction": "",
"check_sender_domain": "",
"limit_recipients": "",
"hide_received": "",
"conn_hide": "",
"limit_message_size": "",
"whitelist_enable": "",
"splice_what": "",
"dkim_signing": "",
"to_blacklist_enable": "",
"msisdn_sender_reputation_status": "",
"blacklist_enable": "",
"queue": "",
"sender_reputation_throttle_percent": "",
"objectID": "",
"sender_reputation": "",
"hide_header": "",
"limit_header_size": "",
"sender_reputation_tempfail": "",
"rewrite_helo": "",
"sender_verification": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile that you want to update on Fortinet FortiMail. |
Default Action | Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. |
Scan Configurations | Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
|
The output contains the following populated JSON schema:
{
"scanner_dictionary": "",
"deepheader_analysis": "",
"apply_action_default": "",
"scanner_virus": "",
"action_spf_fail": "",
"action_spf_soft_fail": "",
"bayesian_autotraining": "",
"suspicious_newsletter_status": "",
"scanner_surbl": "",
"spf_soft_fail_status": "",
"scan_maxsize": "",
"scanner_banned_word": "",
"action_suspicious_newsletter": "",
"surbl": "",
"dnsbl": "",
"scanner_phishing_uri": "",
"deepheader_check_ip": "",
"whitelistword": "",
"action_impersonation_analysis": "",
"imagespam": "",
"heuristic_upper": "",
"scanner_fortiguard": "",
"scanner_grey_list": "",
"aggressive": "",
"action_spf_sender_alignment": "",
"bayesian_user_db": "",
"spam_outbreak": "",
"dictionary_group_id": "",
"mkey": "",
"minimum_dictionary_score": "",
"fortiguard_check_ip": "",
"uri_filter_fortiguard": "",
"bayesian": "",
"bannedword": "",
"spf_none_status": "",
"action_uri_filter_secondary": "",
"action_dmarc": "",
"spf_neutral_status": "",
"spf_pass_status": "",
"scanner_fortiguard_blackip": "",
"action_newsletter": "",
"action_spf_none": "",
"scan_pdf": "",
"action_behavior_analysis": "",
"impersonation": "",
"greylist": "",
"spf_perm_error_status": "",
"bayesian_usertraining": "",
"dmarc_status": "",
"spf_checking": "",
"scanner_heuristic": "",
"scanner_bayesian": "",
"behavior_analysis": "",
"reqAction": "",
"fortiguard": "",
"heuristic_lower": "",
"scanner_rbl": "",
"spf_fail_status": "",
"spf_temp_error_status": "",
"scanner_default": "",
"phishing_uri": "",
"spf_sender_alignment_status": "",
"impersonation_analysis": "",
"newsletter_status": "",
"uri_filter_secondary_status": "",
"action_spf_temp_error": "",
"heuristic": "",
"uri_filter_secondary": "unrated",
"dictionary_type": "",
"objectID": "",
"action_spf_perm_error": "",
"dictionary_profile_id_new": "",
"action_spf_neutral": "",
"scanner_deep_header": "",
"heuristic_rules_percent": "",
"scanner_image_spam": "",
"scan_bypass_on_auth": "",
"action_spf_pass": "",
"dictionary": ""
}
Parameter | Description |
---|---|
Profile Name | Provide the Session Profile Name to Create the Profile. |
Connection Settings | Select this option to configure connection setting. If you select this option, then you must specify the following parameters:
|
Sender Reputation | Select this option to configure sender reputation. If you select this option, then you must specify the following parameters:
|
Endpoint Reputation | Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
|
Sender Validation | Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
|
Session Settings | Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
|
Lists | Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
|
The output contains the following populated JSON schema:
{
"check_client_ip_quick": "",
"sender_addr_rate_ctrl_state": "",
"disallow_empty_domains": "",
"session_action_msg_type": "",
"bounce_rule": "",
"error_free": "",
"error_initial_delay": "",
"check_mason_effect": "",
"check_helo_domain": "",
"route": "",
"sender_reputation_throttle": "",
"conn_concurrent": "",
"msisdn_sender_reputation_action": "",
"access_control": "",
"sender_reputation_throttle_number": "",
"check_domain_chars": "",
"number_of_messages": "",
"check_recipient_domain": "",
"sender_addr_rate_ctrl_max_recipients": "",
"sender_rewrite": "",
"domainkey": "",
"error_increment": "",
"sender_addr_rate_ctrl_action": "",
"remote_log": "",
"spf": "",
"splice_after": "",
"sender_verification_profile": "",
"limit_RSETs": "",
"msisdn_sender_reputation_blacklist_duration": "",
"mkey": "",
"action": "",
"check_open_relay": "",
"limit_NOOPs": "",
"rewrite_helo_custom": "",
"to_whitelist_enable": "",
"disallow_encrypted": "",
"conn_blacklisted": "",
"block_encrypted": "",
"helo_custom": "",
"error_total": "",
"recipient_rewrite": "",
"sender_reputation_reject": "",
"msisdn_sender_reputation_trigger": "",
"eom_ack": "",
"splice_enable": "",
"dkim": true,
"command_checking": "",
"allow_pipelining": "",
"number_of_recipients": "",
"limit_helos": "",
"bypass_bounce_verify": "",
"limit_emails": "",
"conn_rate_how_many": "",
"conn_idle_timeout": "",
"rewrite": "",
"dkim_signing_authenticated_only": "",
"reqAction": "",
"check_sender_domain": "",
"limit_recipients": "",
"hide_received": "",
"conn_hide": "",
"limit_message_size": "",
"whitelist_enable": "",
"splice_what": "",
"dkim_signing": "",
"to_blacklist_enable": "",
"msisdn_sender_reputation_status": "",
"blacklist_enable": "",
"queue": "",
"sender_reputation_throttle_percent": "",
"objectID": "",
"sender_reputation": "",
"hide_header": "",
"limit_header_size": "",
"sender_reputation_tempfail": "",
"rewrite_helo": "",
"sender_verification": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile that you want to create on Fortinet FortiMail. |
Deafult Action | Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. |
Scan Configurations | Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
|
The output contains the following populated JSON schema:
{
"scanner_dictionary": "",
"deepheader_analysis": "",
"apply_action_default": "",
"scanner_virus": "",
"action_spf_fail": "",
"action_spf_soft_fail": "",
"bayesian_autotraining": "",
"suspicious_newsletter_status": "",
"scanner_surbl": "",
"spf_soft_fail_status": "",
"scan_maxsize": "",
"scanner_banned_word": "",
"action_suspicious_newsletter": "",
"surbl": "",
"dnsbl": "",
"scanner_phishing_uri": "",
"deepheader_check_ip": "",
"whitelistword": "",
"action_impersonation_analysis": "",
"imagespam": "",
"heuristic_upper": "",
"scanner_fortiguard": "",
"scanner_grey_list": "",
"aggressive": "",
"action_spf_sender_alignment": "",
"bayesian_user_db": "",
"spam_outbreak": "",
"dictionary_group_id": "",
"mkey": "",
"minimum_dictionary_score": "",
"fortiguard_check_ip": "",
"uri_filter_fortiguard": "",
"bayesian": "",
"bannedword": "",
"spf_none_status": "",
"action_uri_filter_secondary": "",
"action_dmarc": "",
"spf_neutral_status": "",
"spf_pass_status": "",
"scanner_fortiguard_blackip": "",
"action_newsletter": "",
"action_spf_none": "",
"scan_pdf": "",
"action_behavior_analysis": "",
"impersonation": "",
"greylist": "",
"spf_perm_error_status": "",
"bayesian_usertraining": "",
"dmarc_status": "",
"spf_checking": "",
"scanner_heuristic": "",
"scanner_bayesian": "",
"behavior_analysis": "",
"reqAction": "",
"fortiguard": "",
"heuristic_lower": "",
"scanner_rbl": "",
"spf_fail_status": "",
"spf_temp_error_status": "",
"scanner_default": "",
"phishing_uri": "",
"spf_sender_alignment_status": "",
"impersonation_analysis": "",
"newsletter_status": "",
"uri_filter_secondary_status": "",
"action_spf_temp_error": "",
"heuristic": "",
"uri_filter_secondary": "unrated",
"dictionary_type": "",
"objectID": "",
"action_spf_perm_error": "",
"dictionary_profile_id_new": "",
"action_spf_neutral": "",
"scanner_deep_header": "",
"heuristic_rules_percent": "",
"scanner_image_spam": "",
"scan_bypass_on_auth": "",
"action_spf_pass": "",
"dictionary": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile that you want to delete from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile that you want to delete from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile whose details you want to delete from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"check_client_ip_quick": "",
"sender_addr_rate_ctrl_state": "",
"disallow_empty_domains": "",
"session_action_msg_type": "",
"bounce_rule": "",
"error_free": "",
"error_initial_delay": "",
"check_mason_effect": "",
"check_helo_domain": "",
"route": "",
"sender_reputation_throttle": "",
"conn_concurrent": "",
"msisdn_sender_reputation_action": "",
"access_control": "",
"sender_reputation_throttle_number": "",
"check_domain_chars": "",
"number_of_messages": "",
"check_recipient_domain": "",
"sender_addr_rate_ctrl_max_recipients": "",
"sender_rewrite": "",
"domainkey": "",
"error_increment": "",
"sender_addr_rate_ctrl_action": "",
"remote_log": "",
"spf": "",
"splice_after": "",
"sender_verification_profile": "",
"limit_RSETs": "",
"msisdn_sender_reputation_blacklist_duration": "",
"mkey": "",
"action": "",
"check_open_relay": "",
"limit_NOOPs": "",
"rewrite_helo_custom": "",
"to_whitelist_enable": "",
"disallow_encrypted": "",
"conn_blacklisted": "",
"block_encrypted": "",
"helo_custom": "",
"error_total": "",
"recipient_rewrite": "",
"sender_reputation_reject": "",
"msisdn_sender_reputation_trigger": "",
"eom_ack": "",
"splice_enable": "",
"dkim": true,
"command_checking": "",
"allow_pipelining": "",
"number_of_recipients": "",
"limit_helos": "",
"bypass_bounce_verify": "",
"limit_emails": "",
"conn_rate_how_many": "",
"conn_idle_timeout": "",
"rewrite": "",
"dkim_signing_authenticated_only": "",
"reqAction": "",
"check_sender_domain": "",
"limit_recipients": "",
"hide_received": "",
"conn_hide": "",
"limit_message_size": "",
"whitelist_enable": "",
"splice_what": "",
"dkim_signing": "",
"to_blacklist_enable": "",
"msisdn_sender_reputation_status": "",
"blacklist_enable": "",
"queue": "",
"sender_reputation_throttle_percent": "",
"objectID": "",
"sender_reputation": "",
"hide_header": "",
"limit_header_size": "",
"sender_reputation_tempfail": "",
"rewrite_helo": "",
"sender_verification": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile whose associated details you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"scanner_dictionary": "",
"deepheader_analysis": "",
"apply_action_default": "",
"scanner_virus": "",
"action_spf_fail": "",
"action_spf_soft_fail": "",
"bayesian_autotraining": "",
"suspicious_newsletter_status": "",
"scanner_surbl": "",
"spf_soft_fail_status": "",
"scan_maxsize": "",
"scanner_banned_word": "",
"action_suspicious_newsletter": "",
"surbl": "",
"dnsbl": "",
"scanner_phishing_uri": "",
"deepheader_check_ip": "",
"whitelistword": "",
"action_impersonation_analysis": "",
"imagespam": "",
"heuristic_upper": "",
"scanner_fortiguard": "",
"scanner_grey_list": "",
"aggressive": "",
"action_spf_sender_alignment": "",
"bayesian_user_db": "",
"spam_outbreak": "",
"dictionary_group_id": "",
"mkey": "",
"minimum_dictionary_score": "",
"fortiguard_check_ip": "",
"uri_filter_fortiguard": "",
"bayesian": "",
"bannedword": "",
"spf_none_status": "",
"action_uri_filter_secondary": "",
"action_dmarc": "",
"spf_neutral_status": "",
"spf_pass_status": "",
"scanner_fortiguard_blackip": "",
"action_newsletter": "",
"action_spf_none": "",
"scan_pdf": "",
"action_behavior_analysis": "",
"impersonation": "",
"greylist": "",
"spf_perm_error_status": "",
"bayesian_usertraining": "",
"dmarc_status": "",
"spf_checking": "",
"scanner_heuristic": "",
"scanner_bayesian": "",
"behavior_analysis": "",
"reqAction": "",
"fortiguard": "",
"heuristic_lower": "",
"scanner_rbl": "",
"spf_fail_status": "",
"spf_temp_error_status": "",
"scanner_default": "",
"phishing_uri": "",
"spf_sender_alignment_status": "",
"impersonation_analysis": "",
"newsletter_status": "",
"uri_filter_secondary_status": "",
"action_spf_temp_error": "",
"heuristic": "",
"uri_filter_secondary": "unrated",
"dictionary_type": "",
"objectID": "",
"action_spf_perm_error": "",
"dictionary_profile_id_new": "",
"action_spf_neutral": "",
"scanner_deep_header": "",
"heuristic_rules_percent": "",
"scanner_image_spam": "",
"scan_bypass_on_auth": "",
"action_spf_pass": "",
"dictionary": ""
}
The Sample - Fortinet Fortimail - 1.0.0
playbook collection comes bundled with the Fortinet FortiMail connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiMail connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Fortinet FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware and phishing attempts.
This document provides information about the Fortinet FortiMail connector, which facilitates automated interactions, with your Fortinet FortiMail server using FortiSOAR™ playbooks. Add the Fortinet FortiMail connector, as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all domains configured on Fortinet FortiMail and retrieving the sender blacklist and whitelist for session profiles.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.12.1-253
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-fortinet-fortimail
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, select the Fortinet FortiMail connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Server URL | URL of the Fortinet FortiMail server to which you will connect and perform automated operations. |
Username | Username of the Fortinet FortiMail server to which you will connect and perform automated operations. |
Password | Password used to access the Fortinet FortiMail server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Domains Configured | Retrieves a list of all domains configured on Fortinet FortiMail. | get_domains Investigation |
Get AntiSpam Profiles for Domain | Retrieves a list of all AntiSpam Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. | get_antispam_domains Investigation |
Get Recipient Policies for Domain | Retrieves a list of all Recipient Profiles for a specified domain in Fortinet FortiMail, based on the domain ID you have specified. | get_recipient_policies Investigation |
Get GreyList | Retrieves the Greylist configured on Fortinet FortiMail. | grey_list Investigation |
Get Auto Exempt GreyList | Retrieves the Auto Exempt Greylist configured on Fortinet FortiMail. | grey_list Investigation |
Get Sender Whitelist For Session Profile | Retrieves a list of sender whitelists from Fortinet FortiMail, based on the profile name you have specified. | get_session_safe_list Investigation |
Get Sender Blacklist for Session Profile | Retrieves a list of sender blacklists from Fortinet FortiMail, based on the profile name you have specified. | get_session_block_list Investigation |
Get Profile Name | Retrieves a list of profile names from Fortinet FortiMail, based on the profile type you have specified. | get_profile_name Investigation |
Update Session Profile | Updates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | update_session_profile Investigation |
Update Antispam Profile | Updates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | update_antispam_profile Investigation |
Create Session Profile | Creates a session profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | create_session_profile Investigation |
Create Antispam Profile | Creates an antispam profile on Fortinet FortiMail, based on the profile name and other input parameters you have specified. | create_antispam_profile Investigation |
Delete Session Profile | Deletes a session profile from Fortinet FortiMail, based on the profile name you have specified. | delete_session_profile Investigation |
Delete Antispam Profile | Deletes an antispam profile from Fortinet FortiMail, based on the profile name you have specified. | delete_antispam_profile Investigation |
Get Session Profile Details | Retrieves details of a session profile from Fortinet FortiMail, based on the profile name you have specified. | get_session_profile Investigation |
Get Antispam Profile Details | Retrieves details of an antispam profile from Fortinet FortiMail, based on the profile name you have specified. | get_antispam_profile Investigation |
None.
The output contains the following populated JSON schema:
{
"collection": [
{
"mkey": "",
"is_subdomain": "",
"ip": "",
"recipient_verification": "",
"is_association": "",
"maindomain": "",
"mxflag": "",
"is_service_domain": "",
"port": ""
}
],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Domain | Name of the domain whose associated AntiSpam Profiles you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"collection": [
{
"mkey": "",
"minimum_dictionary_score": "",
"isReferenced": "",
"mdomain": "",
"dictionary_type": ""
}
],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Domain | Name of the domain whose associated Recipient Profiles you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"collection": [
{
"antispam": "",
"imap_auth": "",
"pkiauth": "",
"smtp_auth": "",
"comment": "",
"sender_email_address_group": "",
"antivirus": "",
"ldap_auth": "",
"groupmode": "",
"auth": "",
"misc": "",
"mdomain": "",
"sender_type": "",
"ldap_profile": "",
"recipient_pattern": "",
"mkey": "",
"sender_pattern": "",
"status": "",
"content": "",
"recipient_email_address_group": "",
"recipient_domain": "",
"pop3_auth": "",
"sender_domain": "",
"direction": "",
"profile_dlp": "",
"pkiuser": "",
"radius_auth": ""
}
],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
None.
The output contains the following populated JSON schema:
{
"collection": [],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
None.
The output contains the following populated JSON schema:
{
"collection": [],
"objectID": "",
"reqAction": "",
"subCount": "",
"nextPage": "",
"totalRemoteCount": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"totalRemoteCount": "",
"objectID": "",
"collection": [
{
"mkey": ""
}
],
"reqAction": "",
"subCount": "",
"nextPage": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile whose associated sender whitelist you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"totalRemoteCount": "",
"objectID": "",
"collection": [
{
"mkey": ""
}
],
"reqAction": "",
"subCount": "",
"nextPage": "",
"remoteSorting": ""
}
Parameter | Description |
---|---|
Profile Type | Select type of profile based on which you want to retrieve profile names from Fortinet FortiMail. You can choose between Session and Antispam. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Profile Name | Name of the profile that you want to update on Fortinet FortiMail. |
Connection Settings | Select this option to configure connection setting. If you select this option, then you can specify the following parameters:
|
Sender Reputation | Select this option to configure sender reputation. If you select this option, then you can specify the following parameters:
|
Endpoint Reputation | Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
|
Sender Validation | Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
|
Session Settings | Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
|
Lists | Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
|
The output contains the following populated JSON schema:
{
"check_client_ip_quick": "",
"sender_addr_rate_ctrl_state": "",
"disallow_empty_domains": "",
"session_action_msg_type": "",
"bounce_rule": "",
"error_free": "",
"error_initial_delay": "",
"check_mason_effect": "",
"check_helo_domain": "",
"route": "",
"sender_reputation_throttle": "",
"conn_concurrent": "",
"msisdn_sender_reputation_action": "",
"access_control": "",
"sender_reputation_throttle_number": "",
"check_domain_chars": "",
"number_of_messages": "",
"check_recipient_domain": "",
"sender_addr_rate_ctrl_max_recipients": "",
"sender_rewrite": "",
"domainkey": "",
"error_increment": "",
"sender_addr_rate_ctrl_action": "",
"remote_log": "",
"spf": "",
"splice_after": "",
"sender_verification_profile": "",
"limit_RSETs": "",
"msisdn_sender_reputation_blacklist_duration": "",
"mkey": "",
"action": "",
"check_open_relay": "",
"limit_NOOPs": "",
"rewrite_helo_custom": "",
"to_whitelist_enable": "",
"disallow_encrypted": "",
"conn_blacklisted": "",
"block_encrypted": "",
"helo_custom": "",
"error_total": "",
"recipient_rewrite": "",
"sender_reputation_reject": "",
"msisdn_sender_reputation_trigger": "",
"eom_ack": "",
"splice_enable": "",
"dkim": true,
"command_checking": "",
"allow_pipelining": "",
"number_of_recipients": "",
"limit_helos": "",
"bypass_bounce_verify": "",
"limit_emails": "",
"conn_rate_how_many": "",
"conn_idle_timeout": "",
"rewrite": "",
"dkim_signing_authenticated_only": "",
"reqAction": "",
"check_sender_domain": "",
"limit_recipients": "",
"hide_received": "",
"conn_hide": "",
"limit_message_size": "",
"whitelist_enable": "",
"splice_what": "",
"dkim_signing": "",
"to_blacklist_enable": "",
"msisdn_sender_reputation_status": "",
"blacklist_enable": "",
"queue": "",
"sender_reputation_throttle_percent": "",
"objectID": "",
"sender_reputation": "",
"hide_header": "",
"limit_header_size": "",
"sender_reputation_tempfail": "",
"rewrite_helo": "",
"sender_verification": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile that you want to update on Fortinet FortiMail. |
Default Action | Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. |
Scan Configurations | Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
|
The output contains the following populated JSON schema:
{
"scanner_dictionary": "",
"deepheader_analysis": "",
"apply_action_default": "",
"scanner_virus": "",
"action_spf_fail": "",
"action_spf_soft_fail": "",
"bayesian_autotraining": "",
"suspicious_newsletter_status": "",
"scanner_surbl": "",
"spf_soft_fail_status": "",
"scan_maxsize": "",
"scanner_banned_word": "",
"action_suspicious_newsletter": "",
"surbl": "",
"dnsbl": "",
"scanner_phishing_uri": "",
"deepheader_check_ip": "",
"whitelistword": "",
"action_impersonation_analysis": "",
"imagespam": "",
"heuristic_upper": "",
"scanner_fortiguard": "",
"scanner_grey_list": "",
"aggressive": "",
"action_spf_sender_alignment": "",
"bayesian_user_db": "",
"spam_outbreak": "",
"dictionary_group_id": "",
"mkey": "",
"minimum_dictionary_score": "",
"fortiguard_check_ip": "",
"uri_filter_fortiguard": "",
"bayesian": "",
"bannedword": "",
"spf_none_status": "",
"action_uri_filter_secondary": "",
"action_dmarc": "",
"spf_neutral_status": "",
"spf_pass_status": "",
"scanner_fortiguard_blackip": "",
"action_newsletter": "",
"action_spf_none": "",
"scan_pdf": "",
"action_behavior_analysis": "",
"impersonation": "",
"greylist": "",
"spf_perm_error_status": "",
"bayesian_usertraining": "",
"dmarc_status": "",
"spf_checking": "",
"scanner_heuristic": "",
"scanner_bayesian": "",
"behavior_analysis": "",
"reqAction": "",
"fortiguard": "",
"heuristic_lower": "",
"scanner_rbl": "",
"spf_fail_status": "",
"spf_temp_error_status": "",
"scanner_default": "",
"phishing_uri": "",
"spf_sender_alignment_status": "",
"impersonation_analysis": "",
"newsletter_status": "",
"uri_filter_secondary_status": "",
"action_spf_temp_error": "",
"heuristic": "",
"uri_filter_secondary": "unrated",
"dictionary_type": "",
"objectID": "",
"action_spf_perm_error": "",
"dictionary_profile_id_new": "",
"action_spf_neutral": "",
"scanner_deep_header": "",
"heuristic_rules_percent": "",
"scanner_image_spam": "",
"scan_bypass_on_auth": "",
"action_spf_pass": "",
"dictionary": ""
}
Parameter | Description |
---|---|
Profile Name | Provide the Session Profile Name to Create the Profile. |
Connection Settings | Select this option to configure connection setting. If you select this option, then you must specify the following parameters:
|
Sender Reputation | Select this option to configure sender reputation. If you select this option, then you must specify the following parameters:
|
Endpoint Reputation | Select this option to configure Endpoint Reputation settings. This option allows you to restrict the ability of an MSISDN or subscriber ID to send email or MM3 multimedia messaging service (MMS) messages from a mobile device, based upon its endpoint reputation score. The MSISDN reputation score is similar to a sender reputation score. Once you select this option, you can configure the following additional parameters:
|
Sender Validation | Select this option to configure the settings to confirm sender and message authenticity. Once you select this option, you can configure the following additional parameters:
|
Session Settings | Select this option to configure session profiles. Once you select this option, you can configure the following additional parameters:
|
Lists | Select this option to configure the sender and recipient block lists and safe lists, if any, to sue with the session profile. Block and safe lists are separate for each session profile, and apply only to traffic controlled by the IP-based policy to which the session profile is applied. Once you select this option, you can configure the following additional parameters:
|
The output contains the following populated JSON schema:
{
"check_client_ip_quick": "",
"sender_addr_rate_ctrl_state": "",
"disallow_empty_domains": "",
"session_action_msg_type": "",
"bounce_rule": "",
"error_free": "",
"error_initial_delay": "",
"check_mason_effect": "",
"check_helo_domain": "",
"route": "",
"sender_reputation_throttle": "",
"conn_concurrent": "",
"msisdn_sender_reputation_action": "",
"access_control": "",
"sender_reputation_throttle_number": "",
"check_domain_chars": "",
"number_of_messages": "",
"check_recipient_domain": "",
"sender_addr_rate_ctrl_max_recipients": "",
"sender_rewrite": "",
"domainkey": "",
"error_increment": "",
"sender_addr_rate_ctrl_action": "",
"remote_log": "",
"spf": "",
"splice_after": "",
"sender_verification_profile": "",
"limit_RSETs": "",
"msisdn_sender_reputation_blacklist_duration": "",
"mkey": "",
"action": "",
"check_open_relay": "",
"limit_NOOPs": "",
"rewrite_helo_custom": "",
"to_whitelist_enable": "",
"disallow_encrypted": "",
"conn_blacklisted": "",
"block_encrypted": "",
"helo_custom": "",
"error_total": "",
"recipient_rewrite": "",
"sender_reputation_reject": "",
"msisdn_sender_reputation_trigger": "",
"eom_ack": "",
"splice_enable": "",
"dkim": true,
"command_checking": "",
"allow_pipelining": "",
"number_of_recipients": "",
"limit_helos": "",
"bypass_bounce_verify": "",
"limit_emails": "",
"conn_rate_how_many": "",
"conn_idle_timeout": "",
"rewrite": "",
"dkim_signing_authenticated_only": "",
"reqAction": "",
"check_sender_domain": "",
"limit_recipients": "",
"hide_received": "",
"conn_hide": "",
"limit_message_size": "",
"whitelist_enable": "",
"splice_what": "",
"dkim_signing": "",
"to_blacklist_enable": "",
"msisdn_sender_reputation_status": "",
"blacklist_enable": "",
"queue": "",
"sender_reputation_throttle_percent": "",
"objectID": "",
"sender_reputation": "",
"hide_header": "",
"limit_header_size": "",
"sender_reputation_tempfail": "",
"rewrite_helo": "",
"sender_verification": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile that you want to create on Fortinet FortiMail. |
Deafult Action | Select the default action that this operation should take when the policy matches. You can choose from the following actions: None, Default, Discard, Reject, System Quarantine, User Quarantine, or Tag Subject. |
Scan Configurations | Select this option to configure the scan on Fortinet FortiMail. If you select this option, then you can configure the following parameters:
|
The output contains the following populated JSON schema:
{
"scanner_dictionary": "",
"deepheader_analysis": "",
"apply_action_default": "",
"scanner_virus": "",
"action_spf_fail": "",
"action_spf_soft_fail": "",
"bayesian_autotraining": "",
"suspicious_newsletter_status": "",
"scanner_surbl": "",
"spf_soft_fail_status": "",
"scan_maxsize": "",
"scanner_banned_word": "",
"action_suspicious_newsletter": "",
"surbl": "",
"dnsbl": "",
"scanner_phishing_uri": "",
"deepheader_check_ip": "",
"whitelistword": "",
"action_impersonation_analysis": "",
"imagespam": "",
"heuristic_upper": "",
"scanner_fortiguard": "",
"scanner_grey_list": "",
"aggressive": "",
"action_spf_sender_alignment": "",
"bayesian_user_db": "",
"spam_outbreak": "",
"dictionary_group_id": "",
"mkey": "",
"minimum_dictionary_score": "",
"fortiguard_check_ip": "",
"uri_filter_fortiguard": "",
"bayesian": "",
"bannedword": "",
"spf_none_status": "",
"action_uri_filter_secondary": "",
"action_dmarc": "",
"spf_neutral_status": "",
"spf_pass_status": "",
"scanner_fortiguard_blackip": "",
"action_newsletter": "",
"action_spf_none": "",
"scan_pdf": "",
"action_behavior_analysis": "",
"impersonation": "",
"greylist": "",
"spf_perm_error_status": "",
"bayesian_usertraining": "",
"dmarc_status": "",
"spf_checking": "",
"scanner_heuristic": "",
"scanner_bayesian": "",
"behavior_analysis": "",
"reqAction": "",
"fortiguard": "",
"heuristic_lower": "",
"scanner_rbl": "",
"spf_fail_status": "",
"spf_temp_error_status": "",
"scanner_default": "",
"phishing_uri": "",
"spf_sender_alignment_status": "",
"impersonation_analysis": "",
"newsletter_status": "",
"uri_filter_secondary_status": "",
"action_spf_temp_error": "",
"heuristic": "",
"uri_filter_secondary": "unrated",
"dictionary_type": "",
"objectID": "",
"action_spf_perm_error": "",
"dictionary_profile_id_new": "",
"action_spf_neutral": "",
"scanner_deep_header": "",
"heuristic_rules_percent": "",
"scanner_image_spam": "",
"scan_bypass_on_auth": "",
"action_spf_pass": "",
"dictionary": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile that you want to delete from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile that you want to delete from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"objectID": "",
"errorMsg": "",
"errorType": "",
"reqAction": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the session profile whose details you want to delete from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"check_client_ip_quick": "",
"sender_addr_rate_ctrl_state": "",
"disallow_empty_domains": "",
"session_action_msg_type": "",
"bounce_rule": "",
"error_free": "",
"error_initial_delay": "",
"check_mason_effect": "",
"check_helo_domain": "",
"route": "",
"sender_reputation_throttle": "",
"conn_concurrent": "",
"msisdn_sender_reputation_action": "",
"access_control": "",
"sender_reputation_throttle_number": "",
"check_domain_chars": "",
"number_of_messages": "",
"check_recipient_domain": "",
"sender_addr_rate_ctrl_max_recipients": "",
"sender_rewrite": "",
"domainkey": "",
"error_increment": "",
"sender_addr_rate_ctrl_action": "",
"remote_log": "",
"spf": "",
"splice_after": "",
"sender_verification_profile": "",
"limit_RSETs": "",
"msisdn_sender_reputation_blacklist_duration": "",
"mkey": "",
"action": "",
"check_open_relay": "",
"limit_NOOPs": "",
"rewrite_helo_custom": "",
"to_whitelist_enable": "",
"disallow_encrypted": "",
"conn_blacklisted": "",
"block_encrypted": "",
"helo_custom": "",
"error_total": "",
"recipient_rewrite": "",
"sender_reputation_reject": "",
"msisdn_sender_reputation_trigger": "",
"eom_ack": "",
"splice_enable": "",
"dkim": true,
"command_checking": "",
"allow_pipelining": "",
"number_of_recipients": "",
"limit_helos": "",
"bypass_bounce_verify": "",
"limit_emails": "",
"conn_rate_how_many": "",
"conn_idle_timeout": "",
"rewrite": "",
"dkim_signing_authenticated_only": "",
"reqAction": "",
"check_sender_domain": "",
"limit_recipients": "",
"hide_received": "",
"conn_hide": "",
"limit_message_size": "",
"whitelist_enable": "",
"splice_what": "",
"dkim_signing": "",
"to_blacklist_enable": "",
"msisdn_sender_reputation_status": "",
"blacklist_enable": "",
"queue": "",
"sender_reputation_throttle_percent": "",
"objectID": "",
"sender_reputation": "",
"hide_header": "",
"limit_header_size": "",
"sender_reputation_tempfail": "",
"rewrite_helo": "",
"sender_verification": ""
}
Parameter | Description |
---|---|
Profile Name | Name of the antispam profile whose associated details you want to retrieve from Fortinet FortiMail. |
The output contains the following populated JSON schema:
{
"scanner_dictionary": "",
"deepheader_analysis": "",
"apply_action_default": "",
"scanner_virus": "",
"action_spf_fail": "",
"action_spf_soft_fail": "",
"bayesian_autotraining": "",
"suspicious_newsletter_status": "",
"scanner_surbl": "",
"spf_soft_fail_status": "",
"scan_maxsize": "",
"scanner_banned_word": "",
"action_suspicious_newsletter": "",
"surbl": "",
"dnsbl": "",
"scanner_phishing_uri": "",
"deepheader_check_ip": "",
"whitelistword": "",
"action_impersonation_analysis": "",
"imagespam": "",
"heuristic_upper": "",
"scanner_fortiguard": "",
"scanner_grey_list": "",
"aggressive": "",
"action_spf_sender_alignment": "",
"bayesian_user_db": "",
"spam_outbreak": "",
"dictionary_group_id": "",
"mkey": "",
"minimum_dictionary_score": "",
"fortiguard_check_ip": "",
"uri_filter_fortiguard": "",
"bayesian": "",
"bannedword": "",
"spf_none_status": "",
"action_uri_filter_secondary": "",
"action_dmarc": "",
"spf_neutral_status": "",
"spf_pass_status": "",
"scanner_fortiguard_blackip": "",
"action_newsletter": "",
"action_spf_none": "",
"scan_pdf": "",
"action_behavior_analysis": "",
"impersonation": "",
"greylist": "",
"spf_perm_error_status": "",
"bayesian_usertraining": "",
"dmarc_status": "",
"spf_checking": "",
"scanner_heuristic": "",
"scanner_bayesian": "",
"behavior_analysis": "",
"reqAction": "",
"fortiguard": "",
"heuristic_lower": "",
"scanner_rbl": "",
"spf_fail_status": "",
"spf_temp_error_status": "",
"scanner_default": "",
"phishing_uri": "",
"spf_sender_alignment_status": "",
"impersonation_analysis": "",
"newsletter_status": "",
"uri_filter_secondary_status": "",
"action_spf_temp_error": "",
"heuristic": "",
"uri_filter_secondary": "unrated",
"dictionary_type": "",
"objectID": "",
"action_spf_perm_error": "",
"dictionary_profile_id_new": "",
"action_spf_neutral": "",
"scanner_deep_header": "",
"heuristic_rules_percent": "",
"scanner_image_spam": "",
"scan_bypass_on_auth": "",
"action_spf_pass": "",
"dictionary": ""
}
The Sample - Fortinet Fortimail - 1.0.0
playbook collection comes bundled with the Fortinet FortiMail connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiMail connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.