DOCUMENT LIBRARY
1.0.0
DOCUMENT LIBRARY
1.0.0
An RSS feed, short for Really Simple Syndication, is a standardized format used to publish frequently updated content such as blog posts, news headlines, audio, and video. It allows users to subscribe to their favorite websites and receive updates automatically without having to visit each site individually. RSS feeds contain headlines, summaries, and links to full articles, enabling users to stay informed about new content from multiple sources in one place.
This document provides information about the RSS Feed Connector, which facilitates automated interactions, with a RSS Feed server using FortiSOAR™ playbooks. Add the RSS Feed Connector as a step in FortiSOAR™ playbooks and perform automated operations with RSS Feed.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.5.0-4015
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-rss-feed
For the procedure to configure a connector, click here
No configuration is required for this connector.
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Indicators | Retrieves indicators as an RSS feed based on the feed URL that you have specified. | get_indicators Investigation |
| Parameter | Description |
|---|---|
| Feed URL | Specify the URL of the feed based on which you want to retrieve reports from RSS. |
The output contains the following populated JSON schema:
{
"bozo": "",
"feed": {
"link": "",
"image": {
"href": "",
"link": "",
"links": [
{
"rel": "",
"href": "",
"type": ""
}
],
"title": "",
"title_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
}
},
"links": [
{
"rel": "",
"href": "",
"type": ""
}
],
"title": "",
"rights": "",
"updated": "",
"language": "",
"subtitle": "",
"published": "",
"title_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"rights_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"updated_parsed": [],
"subtitle_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"published_parsed": []
},
"href": "",
"status": "",
"entries": [
{
"id": "",
"link": "",
"tags": [
{
"term": "",
"label": "",
"scheme": ""
}
],
"links": [
{
"rel": "",
"href": "",
"type": ""
}
],
"title": "",
"author": "",
"credit": "",
"authors": [
{
"name": ""
}
],
"content": [
{
"base": "",
"type": "",
"value": "",
"language": ""
}
],
"summary": "",
"published": "",
"guidislink": "",
"media_credit": [
{
"content": ""
}
],
"title_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"author_detail": {
"name": ""
},
"media_content": [
{
"url": "",
"width": "",
"height": "",
"medium": ""
}
],
"summary_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"published_parsed": []
}
],
"headers": {
"age": "",
"via": "",
"date": "",
"vary": "",
"server": "",
"x-cache": "",
"x-timer": "",
"connection": "",
"x-served-by": "",
"content-type": "",
"x-cache-hits": "",
"accept-ranges": "",
"cache-control": "",
"content-length": "",
"content-encoding": "",
"strict-transport-security": "",
"access-control-allow-origin": "",
"x-envoy-decorator-operation": "",
"access-control-allow-headers": "",
"access-control-allow-methods": "",
"access-control-expose-headers": "",
"x-envoy-upstream-service-time": ""
},
"version": "",
"encoding": "",
"namespaces": {
"dc": "",
"nyt": "",
"media": ""
}
}
The Sample - RSS Feed - 1.0.0 playbook collection comes bundled with the RSS Feed connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSS Feed connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Use the Data Ingestion Wizard to easily ingest data into FortiSOAR™ by pulling indicators from RSS Feed. Currently, indicators ingested from RSS Feed is mapped to Alerts in FortiSOAR™. For more information on the Data Ingestion Wizard, see the Connectors Guide in the FortiSOAR™ product documentation.
You can configure data ingestion using the Data Ingestion Wizard to seamlessly map the incoming RSS Feed indicators to FortiSOAR™'s Alerts.
The Data Ingestion Wizard helps you to configure the scheduled pulling of data from RSS Feed into FortiSOAR™. It also lets you pull some sample data from RSS Feed using which you can define the mapping of data between RSS Feed and FortiSOAR™. The mapping of common fields is generally already done by the Data Ingestion Wizard; users are mostly required to only map any custom fields that are added to the RSS Feed indicators.
To begin configuring data ingestion, click Configure Data Ingestion on the RSS Feed connector's Configurations page.
Click Let's Start by fetching some data, to open the Fetch Sample Data screen.
Sample data is required to create a field mapping between RSS Feed data and FortiSOAR™. The sample data is pulled from connector actions or ingestion playbooks.
On the Fetch Data screen, provide the configurations required to fetch indicators from RSS Feed by specifying the Feed URL.
The fetched data is used to create a mapping between the indicators from RSS Feed and FortiSOAR Alerts. Once you have completed specifying the configurations, click Fetch Data.
On the Field Mapping screen, map the fields of the ingested indicators RSS Feed to the fields of a Alerts present in FortiSOAR™.
To map a field, click the key in the sample data to add the Jinja value of the field. For example, to map the Title parameter of an ingested indicators from RSS Feed to the Name parameter of a FortiSOAR™ Alerts, click the title field and then click the name field to populate its keys:
For more information on field mapping, see the Data Ingestion chapter in the Connectors Guide in the FortiSOAR™ product documentation. Once you have completed the mapping of fields, click Save Mapping & Continue.
(Optional) Use the Scheduling screen to configure schedule-based ingestion, i.e., specify the polling frequency to RSS Feed, so that the content gets pulled from the RSS Feed integration into FortiSOAR™
On the Scheduling screen, from the Do you want to schedule the ingestion? drop-down list, select Yes.
In the Configure Schedule Settings section, specify the Cron expression for the schedule. For example, if you want to pull data from RSS Feed every 5 minutes, click Every X Minute, and in the minute box enter */5. This means that the Threat Intelligence Feeds will be pulled from RSS Feed every 5 minutes.
Once you have completed scheduling, click Save Settings & Continue.
The Summary screen displays a summary of the mapping done, and it also contains links to the Ingestion playbooks. Click Done to complete the data ingestion and exit the Data Ingestion Wizard.
An RSS feed, short for Really Simple Syndication, is a standardized format used to publish frequently updated content such as blog posts, news headlines, audio, and video. It allows users to subscribe to their favorite websites and receive updates automatically without having to visit each site individually. RSS feeds contain headlines, summaries, and links to full articles, enabling users to stay informed about new content from multiple sources in one place.
This document provides information about the RSS Feed Connector, which facilitates automated interactions, with a RSS Feed server using FortiSOAR™ playbooks. Add the RSS Feed Connector as a step in FortiSOAR™ playbooks and perform automated operations with RSS Feed.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.5.0-4015
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-rss-feed
For the procedure to configure a connector, click here
No configuration is required for this connector.
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Indicators | Retrieves indicators as an RSS feed based on the feed URL that you have specified. | get_indicators Investigation |
| Parameter | Description |
|---|---|
| Feed URL | Specify the URL of the feed based on which you want to retrieve reports from RSS. |
The output contains the following populated JSON schema:
{
"bozo": "",
"feed": {
"link": "",
"image": {
"href": "",
"link": "",
"links": [
{
"rel": "",
"href": "",
"type": ""
}
],
"title": "",
"title_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
}
},
"links": [
{
"rel": "",
"href": "",
"type": ""
}
],
"title": "",
"rights": "",
"updated": "",
"language": "",
"subtitle": "",
"published": "",
"title_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"rights_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"updated_parsed": [],
"subtitle_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"published_parsed": []
},
"href": "",
"status": "",
"entries": [
{
"id": "",
"link": "",
"tags": [
{
"term": "",
"label": "",
"scheme": ""
}
],
"links": [
{
"rel": "",
"href": "",
"type": ""
}
],
"title": "",
"author": "",
"credit": "",
"authors": [
{
"name": ""
}
],
"content": [
{
"base": "",
"type": "",
"value": "",
"language": ""
}
],
"summary": "",
"published": "",
"guidislink": "",
"media_credit": [
{
"content": ""
}
],
"title_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"author_detail": {
"name": ""
},
"media_content": [
{
"url": "",
"width": "",
"height": "",
"medium": ""
}
],
"summary_detail": {
"base": "",
"type": "",
"value": "",
"language": ""
},
"published_parsed": []
}
],
"headers": {
"age": "",
"via": "",
"date": "",
"vary": "",
"server": "",
"x-cache": "",
"x-timer": "",
"connection": "",
"x-served-by": "",
"content-type": "",
"x-cache-hits": "",
"accept-ranges": "",
"cache-control": "",
"content-length": "",
"content-encoding": "",
"strict-transport-security": "",
"access-control-allow-origin": "",
"x-envoy-decorator-operation": "",
"access-control-allow-headers": "",
"access-control-allow-methods": "",
"access-control-expose-headers": "",
"x-envoy-upstream-service-time": ""
},
"version": "",
"encoding": "",
"namespaces": {
"dc": "",
"nyt": "",
"media": ""
}
}
The Sample - RSS Feed - 1.0.0 playbook collection comes bundled with the RSS Feed connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSS Feed connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Use the Data Ingestion Wizard to easily ingest data into FortiSOAR™ by pulling indicators from RSS Feed. Currently, indicators ingested from RSS Feed is mapped to Alerts in FortiSOAR™. For more information on the Data Ingestion Wizard, see the Connectors Guide in the FortiSOAR™ product documentation.
You can configure data ingestion using the Data Ingestion Wizard to seamlessly map the incoming RSS Feed indicators to FortiSOAR™'s Alerts.
The Data Ingestion Wizard helps you to configure the scheduled pulling of data from RSS Feed into FortiSOAR™. It also lets you pull some sample data from RSS Feed using which you can define the mapping of data between RSS Feed and FortiSOAR™. The mapping of common fields is generally already done by the Data Ingestion Wizard; users are mostly required to only map any custom fields that are added to the RSS Feed indicators.
To begin configuring data ingestion, click Configure Data Ingestion on the RSS Feed connector's Configurations page.
Click Let's Start by fetching some data, to open the Fetch Sample Data screen.
Sample data is required to create a field mapping between RSS Feed data and FortiSOAR™. The sample data is pulled from connector actions or ingestion playbooks.
On the Fetch Data screen, provide the configurations required to fetch indicators from RSS Feed by specifying the Feed URL.
The fetched data is used to create a mapping between the indicators from RSS Feed and FortiSOAR Alerts. Once you have completed specifying the configurations, click Fetch Data.
On the Field Mapping screen, map the fields of the ingested indicators RSS Feed to the fields of a Alerts present in FortiSOAR™.
To map a field, click the key in the sample data to add the Jinja value of the field. For example, to map the Title parameter of an ingested indicators from RSS Feed to the Name parameter of a FortiSOAR™ Alerts, click the title field and then click the name field to populate its keys:
For more information on field mapping, see the Data Ingestion chapter in the Connectors Guide in the FortiSOAR™ product documentation. Once you have completed the mapping of fields, click Save Mapping & Continue.
(Optional) Use the Scheduling screen to configure schedule-based ingestion, i.e., specify the polling frequency to RSS Feed, so that the content gets pulled from the RSS Feed integration into FortiSOAR™
On the Scheduling screen, from the Do you want to schedule the ingestion? drop-down list, select Yes.
In the Configure Schedule Settings section, specify the Cron expression for the schedule. For example, if you want to pull data from RSS Feed every 5 minutes, click Every X Minute, and in the minute box enter */5. This means that the Threat Intelligence Feeds will be pulled from RSS Feed every 5 minutes.
Once you have completed scheduling, click Save Settings & Continue.
The Summary screen displays a summary of the mapping done, and it also contains links to the Ingestion playbooks. Click Done to complete the data ingestion and exit the Data Ingestion Wizard.