Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

Google Safe Browsing is a blacklist service provided by Google that provides lists of URLs for web resources that contain malware or phishing content. Google Safe Browsing conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious. Logs, "including an IP address and one or more cookies" are kept for two weeks. They are tied to the other Safe Browsing requests made from the same device.

This document provides information about the Safe Browsing connector, which facilitates automated interactions, with a Safe Browsing site using FortiSOAR™ playbooks. Add the Safe Browsing connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving reputation information for specific URL(s).

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of the Google Safe Browsing site to which you will connect and perform the automated operations and the API key configured for your Google Safe Browsing account to access that Safe Browsing site.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Safe Browsing connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the Safe Browsing site to which you will connect and perform the automated operations.
API Key API key that is configured for your Safe Browsing account for the Safe Browsing site to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Get URL Reputation Retrieves details and reputation of the URL(s) that you have specified from the Safe Browsing site. get_url_reputation
Investigation

 

operation: Get URL Reputation

Input parameters

 

Parameter Description
URLs (CSV / List Format) URL(s) for which you want to retrieve reputation information from the Safe Browsing site. You can enter multiple URLs in this field using the csv or the list format, for example, http://sampleURL.com, http://sampleURL1.com.

 

Output

The JSON output contains all information, including reputation information, for the URLs that you have specified, retrieved from the Safe Browsing site.

Following image displays a sample output:
 

Sample output of the Get URL Reputation operation

 

Included playbooks

The Sample - Safe-Browsing - 1.0.0 playbook collection comes bundled with the Safe Browsing connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Safe Browsing connector.

  • Get URL Reputation

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

Google Safe Browsing is a blacklist service provided by Google that provides lists of URLs for web resources that contain malware or phishing content. Google Safe Browsing conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious. Logs, "including an IP address and one or more cookies" are kept for two weeks. They are tied to the other Safe Browsing requests made from the same device.

This document provides information about the Safe Browsing connector, which facilitates automated interactions, with a Safe Browsing site using FortiSOAR™ playbooks. Add the Safe Browsing connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving reputation information for specific URL(s).

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Safe Browsing connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the Safe Browsing site to which you will connect and perform the automated operations.
API Key API key that is configured for your Safe Browsing account for the Safe Browsing site to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Get URL Reputation Retrieves details and reputation of the URL(s) that you have specified from the Safe Browsing site. get_url_reputation
Investigation

 

operation: Get URL Reputation

Input parameters

 

Parameter Description
URLs (CSV / List Format) URL(s) for which you want to retrieve reputation information from the Safe Browsing site. You can enter multiple URLs in this field using the csv or the list format, for example, http://sampleURL.com, http://sampleURL1.com.

 

Output

The JSON output contains all information, including reputation information, for the URLs that you have specified, retrieved from the Safe Browsing site.

Following image displays a sample output:
 

Sample output of the Get URL Reputation operation

 

Included playbooks

The Sample - Safe-Browsing - 1.0.0 playbook collection comes bundled with the Safe Browsing connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Safe Browsing connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.