Safe Browsing v1.0.0

About the connector

Google Safe Browsing is a blacklist service from Google that provides lists of URLs for web resources that contain malware or phishing content. Google Safe Browsing conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious. Logs, "including an IP address and one or more cookies", are kept for two weeks. They are tied to the other Safe Browsing requests made from the same device.

This document provides information about the Safe Browsing connector, which facilitates automated interactions with a Safe Browsing site using FortiSOAR™ playbooks. Add the Safe Browsing connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving reputation information for specific URL(s).

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later

Installing the connector

For the procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the Google Safe Browsing site to which you will connect and perform the automated operations, and the API key configured for your Google Safe Browsing account to access that Safe Browsing site.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Safe Browsing connector and click Configure to configure the following parameters:

Parameter: Description
  • Server URL: URL of the Safe Browsing site to which you will connect and perform the automated operations.
  • API Key: API key that is configured for your Safe Browsing account for the Safe Browsing site to which you will connect and perform the automated operations.
  • Verify SSL: Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function: Get URL Reputation
Description: Retrieves details and reputation of the URL(s) that you have specified from the Safe Browsing site.
Annotation and Category: get_url_reputation, Investigation

operation: Get URL Reputation

Input parameters

Parameter: Description
  • URLs (CSV / List Format): URL(s) for which you want to retrieve reputation information from the Safe Browsing site. You can enter multiple URLs in this field using the CSV or the list format, for example, http://sampleURL.com, http://sampleURL1.com.

Output

The JSON output contains all information, including reputation information, for the URLs that you have specified, retrieved from the Safe Browsing site.

The following image displays a sample output:

Sample output of the Get URL Reputation operation
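
The following Python sketch is an added example, not code from the connector or from Fortinet. It shows how the CSV / list input can be normalized, sent as a lookup, and read back per URL. It assumes the configured Server URL is Google's Safe Browsing Lookup API v4 (threatMatches:find); the helper names and the sample response are constructed for illustration.

```python
import json

# Threat lists to query; values are Lookup API v4 threat types.
THREAT_TYPES = ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE"]
MAX_URLS = 500  # Lookup API v4 accepts at most 500 URLs per request


def normalize_urls(value):
    """Accept the 'CSV / List' input: a comma-separated string or a list."""
    items = value.split(",") if isinstance(value, str) else list(value)
    seen, urls = set(), []
    for item in items:
        url = str(item).strip()
        if url and url not in seen:  # drop blanks and duplicates
            seen.add(url)
            urls.append(url)
    if len(urls) > MAX_URLS:
        raise ValueError("split the lookup into batches of %d URLs" % MAX_URLS)
    return urls


def build_lookup_body(urls, client_id="example-playbook", client_version="1.0.0"):
    """Body for POST <Server URL>/v4/threatMatches:find (assumed endpoint).
    The API key is sent as the 'key' query parameter, so keep full request
    URLs out of logs, and leave Verify SSL set to True."""
    return {
        "client": {"clientId": client_id, "clientVersion": client_version},
        "threatInfo": {
            "threatTypes": THREAT_TYPES,
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }


def summarize(urls, response):
    """Map every requested URL to its matched threat types. An empty list
    means 'not on the queried lists', which is not proof the URL is safe."""
    verdicts = {u: [] for u in urls}
    for match in response.get("matches", []):
        url = match.get("threat", {}).get("url")
        if url in verdicts:
            verdicts[url].append(match.get("threatType", "UNKNOWN"))
    return verdicts


# Constructed sample response (not real service output).
SAMPLE_RESPONSE = json.loads('{"matches": [{"threatType": "SOCIAL_ENGINEERING",'
                             ' "platformType": "ANY_PLATFORM", "threatEntryType": "URL",'
                             ' "threat": {"url": "http://sampleURL1.com"}}]}')
```

When no URL matches, the Lookup API returns an empty JSON object, so a playbook step should treat a missing "matches" key as "no listing found" and not as an error.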

Included playbooks

The Sample - Safe-Browsing - 1.0.0 playbook collection comes bundled with the Safe Browsing connector. This playbook contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Safe Browsing connector.

  • Get URL Reputation

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
