JASK Autonomous Security Operations Center (ASOC) Platform enhances threat detection and orchestration to improve contextual visibility, expose blind spots, and initiate faster response times with advanced insights.
This document provides information about the JASK ASOC connector, which facilitates automated interactions with JASK ASOC using FortiSOAR™ playbooks. Add the JASK ASOC connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of imported threat intelligence sources from JASK ASOC and posting threat intelligence information to a JASK cluster.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-jask-asoc
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Post Threat Intel | Posting threat intelligence information to a JASK cluster. | post_threat_intel Investigation |
Search | Searches JASK for assets, alerts, or signals. | search Investigation |
Get Alert Details | Retrieves details of an alert, including relevant signals and assets, from JASK based on the alert ID you have specified. | get_alert_details Investigation |
Get Signal Details | Retrieves details of a signal, including category, type, and other metadata, from JASK based on the signal ID you have specified. | get_signal_details Investigation |
Get Asset Details | Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset ID you have specified. | get_asset_details Investigation |
Get Asset Details By IP | Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset's IP address you have specified. | get_asset_details Investigation |
Get Intel Sources | Retrieves a list of imported threat intelligence sources from JASK. | get_intel_sources Investigation |
Get Sensor List | Retrieves a list JASK sensors and their current statuses from JASK. | get_sensors_list Investigation |
Get Sensor Details | Retrieves details of a sensor, including flow data, versioning, and configuration information, from JASK based on the sensor ID you have specified. | get_sensor_details Investigation |
The Sample - JASK ASOC - 1.0.0
playbook collection comes bundled with the JASK ASOC connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the JASK ASOC connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
JASK Autonomous Security Operations Center (ASOC) Platform enhances threat detection and orchestration to improve contextual visibility, expose blind spots, and initiate faster response times with advanced insights.
This document provides information about the JASK ASOC connector, which facilitates automated interactions with JASK ASOC using FortiSOAR™ playbooks. Add the JASK ASOC connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of imported threat intelligence sources from JASK ASOC and posting threat intelligence information to a JASK cluster.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-jask-asoc
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Post Threat Intel | Posting threat intelligence information to a JASK cluster. | post_threat_intel Investigation |
Search | Searches JASK for assets, alerts, or signals. | search Investigation |
Get Alert Details | Retrieves details of an alert, including relevant signals and assets, from JASK based on the alert ID you have specified. | get_alert_details Investigation |
Get Signal Details | Retrieves details of a signal, including category, type, and other metadata, from JASK based on the signal ID you have specified. | get_signal_details Investigation |
Get Asset Details | Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset ID you have specified. | get_asset_details Investigation |
Get Asset Details By IP | Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset's IP address you have specified. | get_asset_details Investigation |
Get Intel Sources | Retrieves a list of imported threat intelligence sources from JASK. | get_intel_sources Investigation |
Get Sensor List | Retrieves a list JASK sensors and their current statuses from JASK. | get_sensors_list Investigation |
Get Sensor Details | Retrieves details of a sensor, including flow data, versioning, and configuration information, from JASK based on the sensor ID you have specified. | get_sensor_details Investigation |
The Sample - JASK ASOC - 1.0.0
playbook collection comes bundled with the JASK ASOC connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the JASK ASOC connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.