Fortinet black logo

IPStack v1.0.0

1.0.0
Copy Link
Copy Doc ID 52196c53-df5a-490f-9d94-ad7f86a65b8d:1

About the connector

IPStack searches for the geolocation facility of a specified IP address or Domain.

This document provides information about the IPStack connector, which facilitates automated interactions, with a IPStack server using FortiSOAR™ playbooks. Add the IPStack connector as a step in FortiSOAR™ playbooks and perform automated operations such as, searching and retrieving geolocation locations for a specified IP address or Domain.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

IPStack Version Tested on: 3.0

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-ipstack

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the IPStack server to which you will connect and perform the automated operations and the API Key to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the IPStack connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the IPStack server to which you will connect and perform the automated operations.
API Key API key configured for your account to access the IPStack server
Protocol that will be used to communicate, choose either http and https.
By default, this is set to http.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Geolocate IP Retrieves the geolocation details of the IP address that you specify from the IPStack server. geolocation
Investigation
Geolocate IP Retrieves the geolocation details of the domain that you specify from the IPStack server. geolocation
Investigation

operation: Geolocate IP

Input parameters

Parameter Description
IP Address IP address for which you want to retrieve geolocation details from the IPStack server.
Specify Response Fields (Optional) Use this parameter to limit results returned by this operation to a certain object or set of objects.
For example, If you specify country_code then this operation returns only the country_code object instead of returning the entire result.
Enable Hostname Lookup Select this option (i.e. set to True) if you want to retrieve the hostname with your API response.
By default, this is set to False.
Enable Security Module Select this option (i.e. set to True) if you want to retrieve security information with your API response.
By default, this is set to False.

Output

The JSON output contains the geolocation details of the IP address that you have specified retrieved from the IPStack server.

Following image displays a sample output:

Sample output of the Lookup IP operation

operation: Geolocate Domain

Input parameters

Parameter Description
IP Address Name of the domain for which you want to retrieve geolocation details from the IPStack server.
Important: Do not prefix the domain name with http, https, or www.
Specify Response Fields (Optional) Use this parameter to limit results returned by this operation to a certain object or set of objects.
For example, If you specify country_code then this operation returns only the country_code object instead of returning the entire result.
Enable Hostname Lookup Select this option (i.e. set to True) if you want to retrieve the hostname with your API response.
By default, this is set to False.
Enable Security Module Select this option (i.e. set to True) if you want to retrieve security information with your API response.
By default, this is set to False.

Output

The JSON output contains the geolocation details of the domain name that you have specified retrieved from the IPStack server.

Following image displays a sample output:

Sample output of the Lookup IP operation

Included playbooks

The Sample - IPStack - 1.0.0 playbook collection comes bundled with the IPStack connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the IPStack connector.

  • Geolocate Domain
  • Geolocate IP

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

IPStack searches for the geolocation facility of a specified IP address or Domain.

This document provides information about the IPStack connector, which facilitates automated interactions, with a IPStack server using FortiSOAR™ playbooks. Add the IPStack connector as a step in FortiSOAR™ playbooks and perform automated operations such as, searching and retrieving geolocation locations for a specified IP address or Domain.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

IPStack Version Tested on: 3.0

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-ipstack

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the IPStack connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the IPStack server to which you will connect and perform the automated operations.
API Key API key configured for your account to access the IPStack server
Protocol that will be used to communicate, choose either http and https.
By default, this is set to http.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Geolocate IP Retrieves the geolocation details of the IP address that you specify from the IPStack server. geolocation
Investigation
Geolocate IP Retrieves the geolocation details of the domain that you specify from the IPStack server. geolocation
Investigation

operation: Geolocate IP

Input parameters

Parameter Description
IP Address IP address for which you want to retrieve geolocation details from the IPStack server.
Specify Response Fields (Optional) Use this parameter to limit results returned by this operation to a certain object or set of objects.
For example, If you specify country_code then this operation returns only the country_code object instead of returning the entire result.
Enable Hostname Lookup Select this option (i.e. set to True) if you want to retrieve the hostname with your API response.
By default, this is set to False.
Enable Security Module Select this option (i.e. set to True) if you want to retrieve security information with your API response.
By default, this is set to False.

Output

The JSON output contains the geolocation details of the IP address that you have specified retrieved from the IPStack server.

Following image displays a sample output:

Sample output of the Lookup IP operation

operation: Geolocate Domain

Input parameters

Parameter Description
IP Address Name of the domain for which you want to retrieve geolocation details from the IPStack server.
Important: Do not prefix the domain name with http, https, or www.
Specify Response Fields (Optional) Use this parameter to limit results returned by this operation to a certain object or set of objects.
For example, If you specify country_code then this operation returns only the country_code object instead of returning the entire result.
Enable Hostname Lookup Select this option (i.e. set to True) if you want to retrieve the hostname with your API response.
By default, this is set to False.
Enable Security Module Select this option (i.e. set to True) if you want to retrieve security information with your API response.
By default, this is set to False.

Output

The JSON output contains the geolocation details of the domain name that you have specified retrieved from the IPStack server.

Following image displays a sample output:

Sample output of the Lookup IP operation

Included playbooks

The Sample - IPStack - 1.0.0 playbook collection comes bundled with the IPStack connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the IPStack connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next