Fortinet black logo

Remote FortiSOAR

Remote FortiSOAR v1.0.0

1.0.0
Copy Link
Copy Doc ID 968ae1e8-b995-11ed-8e6d-fa163e15d75b:517

About the connector

This document provides information about the Remote FortiSOAR connector, which facilitates automated interactions, with a FortiSOAR endpoint using FortiSOAR™ playbooks. Add the Remote FortiSOAR connector as a step in FortiSOAR™ playbooks and run REST API operations on FortiSOAR environments other than your own FortiSOAR environment.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 7.3.1-2105

Authored By: Fortinet

Certified: Yes

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-remote-fortisoar

Prerequisites to configuring the connector

  • You must have the URL of the remote FortiSOAR endpoint to which you will connect and perform automated operations and credentials to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Remote FortiSOAR server.

Minimum Permissions Required

  • Not applicable

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Remote FortiSOAR connector card. On the connector popup, click the Configurations tab to enter the required configuration details.

Parameter Description
FortiSOAR Endpoint URL Specify the URL of the FortiSOAR server to which you will connect and perform automated operations
Authentication Type Select the type of authentication that will be used to connect and communicate with the remote FortiSOAR server. You can choose between Basic (default) or HMAC.
Note: It is recommended to use 'HMAC' authentication for more secure connections.

If you choose 'Basic', then you must specify the following parameters:
  • User Name: Specify the username to access the remote FortiSOAR server to which you will connect and perform automated operations.
  • Password: Specify the password to access the remote FortiSOAR server to which you will connect and perform automated operations.
    Note: Ensure that the user who will perform operations using this connector has an available licensed 'seat', either in the form of an extra 'Concurrent' user license or create the user as a 'Named' user. For information on 'Concurrent' and 'Named' users, see the Licensing FortiSOAR chapter in the "Administration Guide" that is part of the FortiSOAR Documentation.
If you choose 'HMAC', then you must specify the following parameters:
  • Public Key: Specify the public key that is used to access the remote FortiSOAR server to which you will connect and perform automated operations.
  • Private Key: Specify the private key that is used to access the remote FortiSOAR server to which you will connect and perform automated operations.
    Note: For information on how to get the Public/Private key pair, see the "Administration Guide" that is part of the FortiSOAR Documentation.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:

Function Description Annotation and Category
Make an API call Makes an API call to the FortiSOAR remote endpoint using the specified method and payload.
make_api_call
Investigation

operation: Make an API call

Input parameters

Parameter Description
Endpoint IRI Specify the IRI of FortiSOAR-supported RESTful APIs endpoints using which you want to make the API call to the remote FortiSOAR server. For example /api/3/alerts
HTTP method Select the HTTP method using which you want to make the API call to the remote FortiSOAR server. You can choose from the following commonly-used HTTP method: POST, GET, PUT, and DELETE. These HTTP methods correspond to create, read, update, and delete (or CRUD) operations, respectively.
If you choose the 'GET' or 'DELETE' methods, then you must specify the following parameters:
  • Query params: Specify the API Query parameters using which you want to make the API call to the remote FortiSOAR server. API Query parameters can be defined as the optional key-value pairs that appear after the question mark in the URL. Basically, they are extensions of the URL that are utilized to help determine specific content or action based on the data being delivered.
  • Headers: Specify the Header associated with the API call you want to make to the remote FortiSOAR server. HTTP Headers are an important part of the API request and response as they represent the metadata associated with the API request and response.

In addition to the above parameters, if you choose the 'POST' or 'PUT' methods, you must specify the Body parameter:

  • Body: Specify the request body that is to be used to send and receive data from the remote FortiSOAR server using the REST API.

Output

The output schema depends on the API endpoint you choose.

Included playbooks

The Sample - Remote Fortisoar - 1.0.0 playbook collection comes bundled with the Remote FortiSOAR connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Remote FortiSOAR connector.

  • Make an API call

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next

About the connector

This document provides information about the Remote FortiSOAR connector, which facilitates automated interactions, with a FortiSOAR endpoint using FortiSOAR™ playbooks. Add the Remote FortiSOAR connector as a step in FortiSOAR™ playbooks and run REST API operations on FortiSOAR environments other than your own FortiSOAR environment.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 7.3.1-2105

Authored By: Fortinet

Certified: Yes

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-remote-fortisoar

Prerequisites to configuring the connector

Minimum Permissions Required

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Remote FortiSOAR connector card. On the connector popup, click the Configurations tab to enter the required configuration details.

Parameter Description
FortiSOAR Endpoint URL Specify the URL of the FortiSOAR server to which you will connect and perform automated operations
Authentication Type Select the type of authentication that will be used to connect and communicate with the remote FortiSOAR server. You can choose between Basic (default) or HMAC.
Note: It is recommended to use 'HMAC' authentication for more secure connections.

If you choose 'Basic', then you must specify the following parameters:
  • User Name: Specify the username to access the remote FortiSOAR server to which you will connect and perform automated operations.
  • Password: Specify the password to access the remote FortiSOAR server to which you will connect and perform automated operations.
    Note: Ensure that the user who will perform operations using this connector has an available licensed 'seat', either in the form of an extra 'Concurrent' user license or create the user as a 'Named' user. For information on 'Concurrent' and 'Named' users, see the Licensing FortiSOAR chapter in the "Administration Guide" that is part of the FortiSOAR Documentation.
If you choose 'HMAC', then you must specify the following parameters:
  • Public Key: Specify the public key that is used to access the remote FortiSOAR server to which you will connect and perform automated operations.
  • Private Key: Specify the private key that is used to access the remote FortiSOAR server to which you will connect and perform automated operations.
    Note: For information on how to get the Public/Private key pair, see the "Administration Guide" that is part of the FortiSOAR Documentation.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:

Function Description Annotation and Category
Make an API call Makes an API call to the FortiSOAR remote endpoint using the specified method and payload.
make_api_call
Investigation

operation: Make an API call

Input parameters

Parameter Description
Endpoint IRI Specify the IRI of FortiSOAR-supported RESTful APIs endpoints using which you want to make the API call to the remote FortiSOAR server. For example /api/3/alerts
HTTP method Select the HTTP method using which you want to make the API call to the remote FortiSOAR server. You can choose from the following commonly-used HTTP method: POST, GET, PUT, and DELETE. These HTTP methods correspond to create, read, update, and delete (or CRUD) operations, respectively.
If you choose the 'GET' or 'DELETE' methods, then you must specify the following parameters:
  • Query params: Specify the API Query parameters using which you want to make the API call to the remote FortiSOAR server. API Query parameters can be defined as the optional key-value pairs that appear after the question mark in the URL. Basically, they are extensions of the URL that are utilized to help determine specific content or action based on the data being delivered.
  • Headers: Specify the Header associated with the API call you want to make to the remote FortiSOAR server. HTTP Headers are an important part of the API request and response as they represent the metadata associated with the API request and response.

In addition to the above parameters, if you choose the 'POST' or 'PUT' methods, you must specify the Body parameter:

  • Body: Specify the request body that is to be used to send and receive data from the remote FortiSOAR server using the REST API.

Output

The output schema depends on the API endpoint you choose.

Included playbooks

The Sample - Remote Fortisoar - 1.0.0 playbook collection comes bundled with the Remote FortiSOAR connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Remote FortiSOAR connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next