PaloAlto AutoFocus


About the connector

Palo Alto Networks® AutoFocus simplifies workflows to create and enforce new controls, from fully automated to user-directed, within the same unified security platform.

This document provides information about the PaloAlto AutoFocus connector, which facilitates automated interactions with Palo Alto Networks® AutoFocus using FortiSOAR™ playbooks. Add the PaloAlto AutoFocus connector as a step in FortiSOAR™ playbooks and perform automated investigative operations, such as hunting IP addresses, domains, or URLs on Palo Alto Networks® AutoFocus.

Version information

Connector Version: 1.0.0

Authored By: Fortinet.

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-paloalto-autofocus

For the detailed procedure to install a connector, click here.

Configuring the connector

For the procedure to configure a connector, click here.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

| Function | Description | Annotation and Category |
|---|---|---|
| Hunt IP | Hunts an IP address that you have specified on PaloAlto AutoFocus. | hunt_ip, Investigation |
| Hunt URL | Hunts a URL that you have specified on PaloAlto AutoFocus and retrieves a list of tags associated with the specified URL from PaloAlto AutoFocus. | hunt_url, Investigation |
| Hunt Domain | Hunts a domain that you have specified on PaloAlto AutoFocus and retrieves a list of tags associated with the specified domain from PaloAlto AutoFocus. | hunt_domain, Investigation |
| Hunt File | Hunts a file hash that you have specified on PaloAlto AutoFocus and retrieves a list of tags associated with the specified file hash from PaloAlto AutoFocus. | hunt_file, Investigation |
| Get Report | Retrieves a report from PaloAlto AutoFocus, based on the tag name that you have specified. | get_report, Investigation |

Included playbooks

The Sample - PaloAlto AutoFocus - 1.0.0 playbook collection comes bundled with the PaloAlto AutoFocus connector. This playbook contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the PaloAlto AutoFocus connector.

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.

 
