Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

JASK Autonomous Security Operations Center (ASOC) Platform enhances threat detection and orchestration to improve contextual visibility, expose blind spots, and initiate faster response times with advanced insights.

This document provides information about the JASK ASOC connector, which facilitates automated interactions with JASK ASOC using FortiSOAR™ playbooks. Add the JASK ASOC connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of imported threat intelligence sources from JASK ASOC and posting threat intelligence information to a JASK cluster.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-jask-asoc
For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Post Threat Intel Posting threat intelligence information to a JASK cluster. post_threat_intel
Investigation
Search Searches JASK for assets, alerts, or signals. search
Investigation
Get Alert Details Retrieves details of an alert, including relevant signals and assets, from JASK based on the alert ID you have specified. get_alert_details
Investigation
Get Signal Details Retrieves details of a signal, including category, type, and other metadata, from JASK based on the signal ID you have specified. get_signal_details
Investigation
Get Asset Details Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset ID you have specified. get_asset_details
Investigation
Get Asset Details By IP Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset's IP address you have specified. get_asset_details
Investigation
Get Intel Sources Retrieves a list of imported threat intelligence sources from JASK. get_intel_sources
Investigation
Get Sensor List Retrieves a list JASK sensors and their current statuses from JASK. get_sensors_list
Investigation
Get Sensor Details Retrieves details of a sensor, including flow data, versioning, and configuration information, from JASK based on the sensor ID you have specified. get_sensor_details
Investigation

 

Included playbooks

The Sample - JASK ASOC - 1.0.0 playbook collection comes bundled with the JASK ASOC connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the JASK ASOC connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

JASK Autonomous Security Operations Center (ASOC) Platform enhances threat detection and orchestration to improve contextual visibility, expose blind spots, and initiate faster response times with advanced insights.

This document provides information about the JASK ASOC connector, which facilitates automated interactions with JASK ASOC using FortiSOAR™ playbooks. Add the JASK ASOC connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list of imported threat intelligence sources from JASK ASOC and posting threat intelligence information to a JASK cluster.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-jask-asoc
For the detailed procedure to install a connector, click here.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Post Threat Intel Posting threat intelligence information to a JASK cluster. post_threat_intel
Investigation
Search Searches JASK for assets, alerts, or signals. search
Investigation
Get Alert Details Retrieves details of an alert, including relevant signals and assets, from JASK based on the alert ID you have specified. get_alert_details
Investigation
Get Signal Details Retrieves details of a signal, including category, type, and other metadata, from JASK based on the signal ID you have specified. get_signal_details
Investigation
Get Asset Details Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset ID you have specified. get_asset_details
Investigation
Get Asset Details By IP Retrieves details of an asset, including risk score, source, and related assets, from JASK based on the asset's IP address you have specified. get_asset_details
Investigation
Get Intel Sources Retrieves a list of imported threat intelligence sources from JASK. get_intel_sources
Investigation
Get Sensor List Retrieves a list JASK sensors and their current statuses from JASK. get_sensors_list
Investigation
Get Sensor Details Retrieves details of a sensor, including flow data, versioning, and configuration information, from JASK based on the sensor ID you have specified. get_sensor_details
Investigation

 

Included playbooks

The Sample - JASK ASOC - 1.0.0 playbook collection comes bundled with the JASK ASOC connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the JASK ASOC connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.