Fortinet black logo

MaxMind

Home FortiSOAR Connectors MaxMind

MaxMind v1.0.0

1.0.0
1.0.1
1.0.0
Copy Link
Copy Doc ID 9506d7df-8628-4099-8a81-32d4a7545eb1:1

About the connector

Maxmind GeoIP2 Precision Services offers industry-leading IP intelligence data, updated weekly.Country service works best for customers who only need to know the country of an IP address. Country names are available in English, Simplified Chinese, German, Spanish, French, Japanese, Portuguese, and Russian. City service provides most accurate information about the location of an IP address to the zip or postal code level and identifies the associated ISP or organization.

This document provides information about the Maxmind connector, which facilitates automated interactions, with a Maxmind server using FortiSOAR™ playbooks. Add the Maxmind connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information about a specified IP and getting insight information about a specified IP.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.9.0.0-708 and later

Maxmind GeoIP2 Precision Services Version Tested on: 2.1

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-maxmind

For the procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the Maxmind server and credentials to access the server to which you will connect and perform the automated operations.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Maxmind connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the Maxmind server to which you will connect and perform the automated operations.
Maxmind Userid Username to access the Maxmind server.
Maxmind License Key License key to access the Maxmind server.
Verify SSL Verify SSL connection to the Maxmind server.
Defaults to True.

Actions supported by the connector

The following automated operations can be included in playbooks:

  • Get All Details of IP: Retrieves all the information related to the specified IP address.
  • Get City Details: Retrieves city information for the specified IP address.
  • Get Country Details: Retrieves country information for the specified IP address.
  • Get Insight Details: Retrieves insight information for the specified IP address. Insight information provides additional details about the IP such as traits, user types, and organization.

operation: Get All Details of IP

Input parameters

Parameter Description
IP Address IP address for which you retrieve information.

Output

The JSON output contains all the details of the specified IP.

Following image displays a sample output:

operation: Get City Details

Input parameters

Parameter Description
IP Address IP address for which you retrieve city information.

Output

The JSON output contains the city details of the specified IP.

Following image displays a sample output:

operation: Get Country Details

Input parameters

Parameter Description
IP Address IP address for which you retrieve country information.

Output

The JSON output contains the country details of the specified IP.

Following image displays a sample output:

operation: Get Insight Details

Input parameters

Parameter Description
IP Address IP address for which you retrieve insight information.

Output

The JSON output contains the insight details of the specified IP.

Following image displays a sample output:

Included playbooks

The Sample - Maxmind - 1.0.0 playbook collection comes bundled with the Maxmind connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Maxmind connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

Maxmind GeoIP2 Precision Services offers industry-leading IP intelligence data, updated weekly.Country service works best for customers who only need to know the country of an IP address. Country names are available in English, Simplified Chinese, German, Spanish, French, Japanese, Portuguese, and Russian. City service provides most accurate information about the location of an IP address to the zip or postal code level and identifies the associated ISP or organization.

This document provides information about the Maxmind connector, which facilitates automated interactions, with a Maxmind server using FortiSOAR™ playbooks. Add the Maxmind connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information about a specified IP and getting insight information about a specified IP.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.9.0.0-708 and later

Maxmind GeoIP2 Precision Services Version Tested on: 2.1

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-maxmind

For the procedure to install a connector, click here.

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Maxmind connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the Maxmind server to which you will connect and perform the automated operations.
Maxmind Userid Username to access the Maxmind server.
Maxmind License Key License key to access the Maxmind server.
Verify SSL Verify SSL connection to the Maxmind server.
Defaults to True.

Actions supported by the connector

The following automated operations can be included in playbooks:

operation: Get All Details of IP

Input parameters

Parameter Description
IP Address IP address for which you retrieve information.

Output

The JSON output contains all the details of the specified IP.

Following image displays a sample output:

operation: Get City Details

Input parameters

Parameter Description
IP Address IP address for which you retrieve city information.

Output

The JSON output contains the city details of the specified IP.

Following image displays a sample output:

operation: Get Country Details

Input parameters

Parameter Description
IP Address IP address for which you retrieve country information.

Output

The JSON output contains the country details of the specified IP.

Following image displays a sample output:

operation: Get Insight Details

Input parameters

Parameter Description
IP Address IP address for which you retrieve insight information.

Output

The JSON output contains the insight details of the specified IP.

Following image displays a sample output:

Included playbooks

The Sample - Maxmind - 1.0.0 playbook collection comes bundled with the Maxmind connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Maxmind connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next