This document provides information about the Remote FortiSOAR connector, which facilitates automated interactions with a FortiSOAR endpoint using FortiSOAR™ playbooks. Add the Remote FortiSOAR connector as a step in FortiSOAR™ playbooks and run REST API operations on FortiSOAR environments other than your own FortiSOAR environment.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.3.1-2105
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-remote-fortisoar
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Remote FortiSOAR connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
Parameter | Description |
---|---|
FortiSOAR Endpoint URL | Specify the URL of the FortiSOAR server to which you will connect and perform automated operations |
Authentication Type | Select the type of authentication that will be used to connect and communicate with the remote FortiSOAR server. You can choose between Basic (default) or HMAC. Note: It is recommended to use 'HMAC' authentication for more secure connections. If you choose 'Basic', then you must specify the following parameters: |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Make an API call | Makes an API call to the FortiSOAR remote endpoint using the specified method and payload. | make_api_call Investigation |
Parameter | Description |
---|---|
Endpoint IRI | Specify the IRI of the FortiSOAR-supported RESTful API endpoint to which you want to make the API call on the remote FortiSOAR server. For example, /api/3/alerts |
HTTP method | Select the HTTP method to use for the API call to the remote FortiSOAR server. You can choose from the following commonly used HTTP methods: POST, GET, PUT, and DELETE. These HTTP methods correspond to create, read, update, and delete (or CRUD) operations, respectively. If you choose the 'GET' or 'DELETE' methods, then you must specify the following parameters: In addition to the above parameters, if you choose the 'POST' or 'PUT' methods, you must specify the Body parameter: |
The output schema depends on the API endpoint you choose.
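The following check is an added example, not part of the connector or of Fortinet's documentation: it audits a connector configuration against the settings described above (HTTPS endpoint, HMAC authentication, Verify SSL) and validates a "Make an API call" step before it runs. It assumes the configuration is available as a dictionary keyed by the field labels shown in the tables; the function names, the host `soar-b.example.test`, and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_METHODS = {"POST", "GET", "PUT", "DELETE"}  # methods listed on this page


def audit_config(cfg):
    """Return a list of findings for one connector configuration.

    Assumption: cfg is a dict keyed by the field labels shown in the
    configuration table; the connector's internal key names may differ.
    """
    findings = []
    url = urlsplit(str(cfg.get("FortiSOAR Endpoint URL", "")))
    if url.scheme != "https" or not url.hostname:
        findings.append("endpoint URL is not an https:// URL with a host")
    if url.username or url.password:
        findings.append("endpoint URL embeds credentials")
    if str(cfg.get("Authentication Type", "Basic")).upper() != "HMAC":
        findings.append("Basic authentication in use; HMAC is recommended")
    if cfg.get("Verify SSL") is not True:
        findings.append("Verify SSL is off; server certificate is not checked")
    return findings


def check_api_call(iri, method, body=None):
    """Return a list of problems with one 'Make an API call' step."""
    problems = []
    parts = urlsplit(iri)
    # The IRI must stay a path on the configured endpoint, not name another host.
    if parts.scheme or parts.netloc or not iri.startswith("/"):
        problems.append("Endpoint IRI must be a relative path such as /api/3/alerts")
    if method.upper() not in ALLOWED_METHODS:
        problems.append("unsupported HTTP method: " + method)
    elif method.upper() in {"POST", "PUT"} and body is None:
        problems.append("POST and PUT require the Body parameter")
    return problems


# Constructed sample configurations (not taken from a real deployment).
WEAK = {"FortiSOAR Endpoint URL": "http://soar-b.example.test",
        "Authentication Type": "Basic", "Verify SSL": False}
HARDENED = {"FortiSOAR Endpoint URL": "https://soar-b.example.test",
            "Authentication Type": "HMAC", "Verify SSL": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_config(cfg) or "no findings")
    print(check_api_call("//other.example.test/api/3/alerts", "GET"))
```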
The Sample - Remote Fortisoar - 1.0.0 playbook collection comes bundled with the Remote FortiSOAR connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Remote FortiSOAR connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.