Overview
FortiSOAR™ provides you with a number of pre-installed connectors or built-ins, such as the IMAP or Database connectors, that you can use within FortiSOAR™ playbooks, as a connector step, and perform automated operations. These connectors are bundled and named based on the type of operations the connectors can perform. For example, the Database connector would contain actions that you can perform with respect to the database, like querying the database. It is easy to extend and enhance these connectors.
Apart from the FortiSOAR™ Built-in connectors, Fortinet also provides a number of connectors for popular integrations like SIEMs, such as FortiSIEM, Splunk, etc., and Ticketing systems such as Jira. You can see a list of published connectors on the FortiSOAR Connectors Documentation site.
The process of installing, configuring, and using connectors is defined in the Introduction to connectors chapter in the "Connectors Guide", which is part of the FortiSOAR™ documentation or see the Installing a connector and Configuring a connector articles.
FortiSOAR™ Built-in connectors are upgraded by default with a FortiSOAR™ upgrade. Use the Content Hub to upgrade your connectors to the latest version, in case you want to only upgrade the connectors and not FortiSOAR™. For more information on the connector store, see the Introduction to connectors chapter and see the FortiSOAR Built-in connectors article.
Important: Before you upgrade your FortiSOAR™ version, it is highly recommended that you take a backup of your FortiSOAR™ Built-in connector's (SSH, IMAP, Database, etc.) configuration since the configuration of your FortiSOAR™ Built-in connectors might be reset if there are changes to the configuration parameters across versions.
FSR Agent Communication Bridge
The FSR Agent Communication Bridge connector establishes and enables a network communication bridge, i.e., a mini web server on an FSR agent that allows users to provide inputs (manual input) requested by a FortiSOAR playbook. This web server is spun from within the agent's network premises. Manual input is a customized form in which users can provide their inputs. See the Triggers & Steps chapter in the "Playbooks Guide" for more information on 'Manual Inputs', and the Segmented Network Support chapter in the "Administration Guide" for information on FSR Agent, both of which are part of the FortiSOAR™ documentation.
Version information
Connector Version: 1.0.0
Authored By: Fortinet
Certified: Yes
Prerequisites to configuring the connector
- You must be an 'Administrator' with
Read and Update permissions on the 'Agents' and 'Connector' modules and Read permissions on the 'Secure Message Exchange' and 'Security' modules in FortiSOAR to configure the FSR Agent Communication Bridge connector.
- You must have added and configured the FSR Agent on your base FortiSOAR machine, and the status of the FSR Agent must be 'Remote Node Connected'.
- The version of both your FortiSOAR instance and FortiSOAR Agent must be 7.3.0 or later.
- You must ensure that the hostname/DNS name used to configure the connector is reachable from your base FortiSOAR machine. This is the address that you specify in the Configuration parameters.
- You must ensure that the port at which you want to run the web server of the agent virtual machine is opened in the firewall of the agent. This is the port that you specify in the Configuration parameters.
Configuring the connector
If you have appropriate rights, then on the System Configuration page, click Agent Configurations > Agents to open the Agents page. In the 'Agents Action' column, click Enable Input Bridge to open the Configure Agent Input Bridge dialog. In the Configure Agent Input Bridge dialog, enter the required configuration values to configure the connector.
IMPORTANT: The Enable Input Bridge option will be visible on FortiSOAR Release 7.3.0 and later.
Configuration parameters
| Parameter |
Description |
| FQHN |
Specify a DNS-resolvable address for the FSR agent virtual machine. |
| Port |
Specify the port number at which you want to run the web server of the agent virtual machine. By default, this is set as 8443.
NOTE: Ensure that the port specified is open in the firewall of the agent.
To open the port in the firewall run the following command:
sudo firewall-cmd --add-port=8443/tcp --permanent
Then, reload the firewall using the following command:
sudo firewall-cmd --reload |
| SSL Certificate for the Web Server |
Copy-paste the contents of the Web Server's SSL certificate (not just the certificate's path) into this field, or click Upload File to upload the SSL certificate into this field. The contents should start with '----BEGIN CERTIFICATE----' and end with '----END CERTIFICATE----'. |
| SSL Certificate Key for the Web Server |
Copy-paste the contents of the Web Server's SSL certificate key (not just the certificate's path) into this field, or click Upload File to upload the SSL certificate key into this field. The contents should start with '----BEGIN PRIVATE KEY----' and end with '----END PRIVATE KEY----'. |
Once you have configured the FSR Agent Communication Bridge connector, when a FortiSOAR playbook that contains a manual input, which is designed to host the custom input page on the FSR agent, is triggered, an email containing a link with the host IP of the agent is sent to the users specified in the 'Manual Input' step of the playbook. When users click on the link, the request goes to the agent, and then the agent populates the required manual input form that requires input from the user. The input provided by the users is forwarded to the base FortiSOAR instance, which resumes the playbook based on the user input.
