About the connector
FortiOS is Fortinet's network security operating system. It expands the Security Fabric to provide broad visibility and control, more powerful performance, and more efficient operations to quickly identify and resolve security issues.
This document provides information about the FortiOS connector, which facilitates automated interactions with a FortiOS server using FortiSOAR™ playbooks. Add the FortiOS connector as a step in FortiSOAR™ playbooks and perform automated operations such as blocking and unblocking IP addresses, retrieving a list of IP addresses that are blocked on FortiOS, and executing a command on a remote FortiOS server.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.12.1-253
FortiOS Version Tested on: v5.4.0 and v5.6.0
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
```shell
yum install cyops-connector-fortios
```
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the FortiOS connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Hostname/IP Address | Hostname or IP address of the FortiOS endpoint server to which you will connect and perform the automated operations. |
Port | Port number that is used for connecting to the FortiOS server using SSH. By default, this is set to 22. |
VDOM | VDOM(s) in which the automated operations are performed. Notes: You can specify the VDOM here, as a configuration parameter, or as a function parameter. You can provide VDOMs in CSV or list format. |
Username | Username to access the FortiOS endpoint server to which you will connect and perform the automated operations. |
Password | Password to access the FortiOS endpoint server to which you will connect and perform the automated operations. |
Private Key | Private Key used to perform SSH authentication on the FortiOS server. |
Timeout | Time, in seconds, after which the execution of the remote command times out. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Block IP Address | Blocks the IP addresses that you have specified on the FortiOS server. | block_ip Containment |
Unblock IP Address | Unblocks the IP addresses that you have specified from the FortiOS server. | unblock_ip Remediation |
Get list of all blocked IP addresses | Retrieves a list of all IP addresses that are blocked on the FortiOS server. | get_blocked_ip Investigation |
Purge IP Block List | Removes all the IP addresses from the IP Block List on the FortiOS server. | unblock_ip Remediation |
Execute Command | Executes a command on a remote FortiOS server. | remote_command Investigation |
Operation: Block IP Address
Parameter | Description |
---|---|
Source IP Type | Type of source IP address that you want to block on the FortiOS server. You can choose between IPv4 and IPv6. |
IP Addresses | IP addresses that you want to block on the FortiOS server, in CSV or list format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2". |
Time to Live | Time for which the IP addresses remain in the Block status. You can choose between the following options: 1 Hour, 6 Hour, 12 Hour, 1 Day, 6 Months, 1 Year, or Custom Time. Note: If you select Custom Time, the Time to Live (Seconds) field is displayed, in which you must specify the Time to Live in seconds. |
Source | Source of the IP that you want to block on the FortiOS server. You can choose between the following options: ADMIN, DLP, IPS, AV, or DOS. |
VDOM | VDOM(s) in which the automated operations are performed. Notes: You can specify the VDOM here, as a function parameter, or as a configuration parameter. You can provide VDOMs in CSV or list format. |
Output: Output of the block ip address command in the list format.
The output contains the following populated JSON schema:
```json
{
"command": "",
"output": []
}
```
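The Block IP Address parameters above are turned into FortiOS CLI lines that the connector sends over its SSH session. The following added example (not the connector's own code) shows how a playbook-facing wrapper can normalise the CSV-or-list inputs, validate every address against the chosen Source IP Type so that untrusted playbook data cannot smuggle extra CLI text into the session, convert the Time to Live choices to seconds, and emit one command batch per VDOM. The CLI form `diagnose user quarantine add src4|src6 <ip> <ttl-seconds> <source>`, the `config vdom` / `edit <name>` / `end` prologue, the seconds behind each Time to Live option and the VDOM-name pattern are assumptions, not values taken from this page.

```python
"""Build FortiOS quarantine commands from the Block IP Address parameters.

Added example, not the FortiOS connector's own code. Assumed (not on this page):
the CLI form 'diagnose user quarantine add src4|src6 <ip> <ttl-seconds> <source>',
the VDOM prologue 'config vdom' / 'edit <name>' / 'end', the seconds behind each
Time to Live option, and the VDOM-name pattern.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Union

ListInput = Union[str, List[str]]

# Assumed seconds for each Time to Live choice offered by the connector.
TTL_SECONDS: Dict[str, int] = {
    "1 Hour": 3600,
    "6 Hour": 6 * 3600,
    "12 Hour": 12 * 3600,
    "1 Day": 86400,
    "6 Months": 180 * 86400,
    "1 Year": 365 * 86400,
}
SOURCES = ("ADMIN", "DLP", "IPS", "AV", "DOS")
# Assumed conservative pattern for VDOM names; anything else is rejected, not interpolated.
VDOM_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def parse_list_input(value: ListInput) -> List[str]:
    """Normalise the '.csv or list format' input: a list, or a comma-separated string."""
    items = value if isinstance(value, list) else str(value).split(",")
    cleaned = [str(item).strip().strip('"').strip("'") for item in items]
    return [item for item in cleaned if item]


def validate_ips(raw_ips: List[str], ip_type: str) -> List[str]:
    """Parse each entry as a bare IP literal and require it to match the Source IP Type."""
    if ip_type not in ("IPv4", "IPv6"):
        raise ValueError("Source IP Type must be IPv4 or IPv6")
    want = 4 if ip_type == "IPv4" else 6
    addresses = []
    for raw in raw_ips:
        addr = ipaddress.ip_address(raw)  # ValueError on anything that is not a bare address
        if addr.version != want:
            raise ValueError(f"{raw} is not an {ip_type} address")
        addresses.append(str(addr))
    if not addresses:
        raise ValueError("no IP addresses supplied")
    return addresses


def ttl_to_seconds(ttl: str, custom_seconds: Optional[int] = None) -> int:
    """Map a Time to Live choice to seconds; Custom Time takes the explicit value."""
    if ttl == "Custom Time":
        if not isinstance(custom_seconds, int) or custom_seconds <= 0:
            raise ValueError("Custom Time needs a positive Time to Live (Seconds)")
        return custom_seconds
    if ttl not in TTL_SECONDS:
        raise ValueError(f"unknown Time to Live option {ttl!r}")
    return TTL_SECONDS[ttl]


def build_block_commands(ip_type: str, ip_addresses: ListInput, ttl: str, source: str,
                         vdom: Optional[ListInput] = None,
                         custom_seconds: Optional[int] = None) -> List[str]:
    """Return the ordered CLI lines to send for one Block IP Address operation."""
    if source not in SOURCES:
        raise ValueError(f"Source must be one of {SOURCES}")
    ips = validate_ips(parse_list_input(ip_addresses), ip_type)
    seconds = ttl_to_seconds(ttl, custom_seconds)
    family = "src4" if ip_type == "IPv4" else "src6"
    vdoms = parse_list_input(vdom) if vdom else []
    for name in vdoms:
        if not VDOM_NAME.match(name):
            raise ValueError(f"invalid VDOM name {name!r}")
    commands: List[str] = []
    # With no VDOM given, the commands run in the SSH session's current context.
    for name in vdoms or [None]:
        if name is not None:
            commands += ["config vdom", f"edit {name}"]
        for ip in ips:
            commands.append(f"diagnose user quarantine add {family} {ip} {seconds} {source.lower()}")
        if name is not None:
            commands.append("end")
    return commands


if __name__ == "__main__":
    for line in build_block_commands("IPv4", '"1.1.1.1", "2.2.2.2"', "1 Hour", "ADMIN", vdom="root"):
        print(line)
```

Because every address goes through `ipaddress.ip_address` and every VDOM name through a strict pattern, a playbook variable such as `1.1.1.1; get system status` is rejected before any text reaches the firewall console, which is the check you want in front of an operation that runs with administrative SSH credentials.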
Operation: Unblock IP Address
Parameter | Description |
---|---|
Source IP Type | Type of source IP address that you want to unblock from the FortiOS server. You can choose between IPv4 and IPv6. |
IP Addresses | IP addresses that you want to unblock from the FortiOS server, in CSV or list format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2". |
VDOM | VDOM(s) in which the automated operations are performed. Notes: You can specify the VDOM here, as a function parameter, or as a configuration parameter. You can provide VDOMs in CSV or list format. |
Output: Output of the unblock ip address command in the list format.
The output contains the following populated JSON schema:
```json
{
"command": "",
"output": []
}
```
Operation: Get list of all blocked IP addresses
Parameter | Description |
---|---|
VDOM | VDOM(s) in which the automated operations are performed. Notes: You can specify the VDOM here, as a function parameter, or as a configuration parameter. You can provide VDOMs in CSV or list format. |
Output: Output of the get block ip address command in the list format.
The output contains the following populated JSON schema:
```json
{
"command": "",
"output": []
}
```
Operation: Purge IP Block List
Parameter | Description |
---|---|
VDOM | VDOM(s) in which the automated operations are performed. Notes: You can specify the VDOM here, as a function parameter, or as a configuration parameter. You can provide VDOMs in CSV or list format. |
Output: Output of the purge block list command in the list format.
The output contains the following populated JSON schema:
```json
{
"command": "",
"output": []
}
```
Operation: Execute Command
Parameter | Description |
---|---|
Commands | Command(s) that you want to execute on the FortiOS console. You can provide commands in CSV or list format. |
Output: Output of the specified command in the list format.
The output contains the following populated JSON schema:
```json
{
"command": "",
"output": []
}
```
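Execute Command runs whatever text the playbook hands it on the firewall console with the connector's SSH credentials, so it deserves a gate that the other operations get for free from their fixed command templates. The following added example (not the connector's own code) vets the CSV-or-list Commands input against a read-only allowlist, rejects control characters that would start a second line on the console, and shapes the returned console text into the `{"command": "", "output": []}` schema shown above. The allowlisted prefixes, the prompt shape `... # ` and the sample console text are assumptions and constructed data, not values from this page.

```python
"""Gate the Execute Command operation behind a read-only allowlist.

Added example, not the FortiOS connector's own code. The allowed prefixes are an
assumed starting set of read-only FortiOS CLI verbs, the trailing-prompt shape is
assumed, and the sample console text is constructed; none of it comes from this page.
"""
import re
from typing import Dict, List, Union

ListInput = Union[str, List[str]]

# Assumed prefixes a playbook may run unattended; write paths (config/execute) are absent.
READ_ONLY_PREFIXES = ("get ", "show ", "diagnose user quarantine list")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def parse_list_input(value: ListInput) -> List[str]:
    """Normalise the '.csv or list format' input: a list, or a comma-separated string."""
    items = value if isinstance(value, list) else str(value).split(",")
    cleaned = [str(item).strip().strip('"').strip("'") for item in items]
    return [item for item in cleaned if item]


def check_command(command: str) -> str:
    """Return the command unchanged if it is allowlisted and carries no control characters."""
    if CONTROL_CHARS.search(command):
        raise ValueError("control characters (line breaks included) are not allowed in a command")
    if not command.startswith(READ_ONLY_PREFIXES):
        raise ValueError(f"command is not on the read-only allowlist: {command!r}")
    return command


def vet_commands(commands: ListInput) -> List[str]:
    """Vet every entry of the Commands parameter before any of them is sent."""
    return [check_command(c) for c in parse_list_input(commands)]


def to_result(command: str, raw_output: str) -> Dict[str, object]:
    """Shape raw console text into the connector's {"command": "", "output": []} schema.

    The echoed command line, blank lines and the trailing prompt ("<host> # ", an
    assumed shape) are dropped so that 'output' holds only the command's own lines.
    """
    lines = [ln.rstrip() for ln in raw_output.splitlines()]
    body = [ln for ln in lines if ln and ln != command and not ln.endswith("#")]
    return {"command": command, "output": body}


# Constructed console text standing in for what the SSH session would return.
SAMPLE_OUTPUT = (
    "get system status\r\n"
    "Hostname: fw-lab\r\n"
    "Current HA mode: standalone\r\n"
    "fw-lab # "
)

if __name__ == "__main__":
    for cmd in vet_commands('"get system status", "show firewall policy"'):
        print(to_result(cmd, SAMPLE_OUTPUT))
```

Keep the allowlist with the playbook rather than in the connector configuration: the SOC team owning the playbook decides which read-only commands an unattended run may issue, and anything outside that list fails loudly in the playbook step instead of silently reaching the console.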
The Sample - FortiOS - 1.0.0 playbook collection comes bundled with the FortiOS connector. This collection contains playbooks with steps that perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the FortiOS connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.