About the connector
ManageEngine Key Manager Plus connector provides a 'key management' solution that helps you consolidate, control, manage, monitor, and audit the entire life cycle of SSH (Secure Shell) keys and SSL (Secure Sockets Layer) certificates.
This document provides information about the ManageEngine Key Manager Plus connector, which facilitates automated interactions, with a ManageEngine Key Manager Plus server using FortiSOAR™ playbooks. Add the ManageEngine Key Manager Plus Connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving all SSL certificates across your network and importing them into your ManageEngine Key Manager Plus repository, updating credentials of a discovered resource in ManageEngine Key Manager Plus, etc.
Version information
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.3.1-2105
Authored By: Fortinet
Certified: Yes
Installing the connector
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-manage-engine-key-manager-plus
Prerequisites to configuring the connector
- You must have the URL of the ManageEngine Key Manager Plus server to which you will connect and perform automated operations and the API key that is configured for your account to access the ManageEngine Key Manager Plus endpoint.
- The FortiSOAR™ server should have outbound connectivity to port 443 on the ManageEngine Key Manager Plus server.
Minimum Permissions Required
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the ManageEngine Key Manager Plus connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
| Parameter |
Description |
| Server URL |
Specify the URL of the ManageEngine Key Manager Plus server to which you will connect and perform the automated operations. |
| API Key |
Specify the API key that is configured for your account to access the ManageEngine Key Manager Plus endpoint. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:
| Function |
Description |
Annotation and Category |
| Get SSH Keys |
Retrieves a detailed list of all the discovered SSH keys from ManageEngine Key Manager Plus. |
get_ssh_keys
Investigation |
| Get SSL Certificates |
Retrieves SSL certificates and imports them into the ManageEngine Key Manager Plus repository based on the hostname/IP address or IP address range, and other input parameters you have specified. |
get_ssl_certificates
Investigation |
| Update Credentials |
Updates credentials of a discovered resource in ManageEngine Key Manager Plus based on the resource name, username, password, and other input parameters you have specified. |
update_credentials
Investigation |
operation: Get SSH Keys
Input parameters
None.
Output
The output contains the following populated JSON schema:
{
"name": "",
"result": {
"status": "",
"message": ""
},
"totalRows": "",
"details": [
{
"KeyName": "",
"KeyType": "",
"KeyLength": "",
"FingerPrint": "",
"isPassphraseAvailable": "",
"CreatedBy": "",
"CreationTime": ""
}
]
}
operation: Get SSL Certificates
Input parameters
| Parameter |
Description |
| Discover Using |
Select the method that you want to use to retrieve SSL certificates and import them into the ManageEngine Key Manager Plus repository. You can choose between Hostname/IP Address (Default) or IP Address Range.
- If you select the 'Hostname/IP Address' option, then in the Hostname/IP Address field, specify the Hostname or IP Address of the host to be scanned for SSL certificates.
- If you select the 'IP Address Range' option, then specify the following parameters:
- Start IP Address: Specify the starting IP address of the host from which SSL certificates are to be scanned.
- End IP Address: Specify the ending IP address of the host till which SSL certificates are to be scanned.
|
| Time Out |
Specify the time interval in seconds per resource after which the search automatically ceases. |
| Port Number |
Specify the Port Number to be used for scanning SSL certificates. |
Output
The output contains the following populated JSON schema:
{
"name": "",
"totalRows": "",
"details": {}
}
operation: Update Credentials
Input parameters
| Parameter |
Description |
| Resource Name |
Specify the Hostname or IP Address of the discovered resource for which you want to apply credentials. |
| User Name |
Specify the username of any user account in the specified resource to gain key management privileges for that particular account. The credentials of the 'root' account gives key management privileges for all accounts on the resource. |
| Password |
Specify the password of the user account specified in the User Name field. |
| Is Admin |
Select this option, i.e., set it to 'True'. if the user account specified in the User Name field is a 'Root' or 'Administrator' account. By default, this option cleared, i.e., it is set to 'False'. |
Output
The output contains the following populated JSON schema:
{
"name": "",
"result": {
"status": "",
"message": ""
}
}
Included playbooks
The Sample - Manage Engine Key Manager Plus - 1.0.0 playbook collection comes bundled with the ManageEngine Key Manager Plus connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the ManageEngine Key Manager Plus connector.
- Get SSH Keys
- Get SSL Certificates
- Update Credentials
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
