About the connector

Microsoft SCCM is a systems management software product developed by Microsoft for managing large groups of computers. It provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.

This document provides information about the Microsoft SCCM connector, which facilitates automated interactions with a Microsoft SCCM server using FortiSOAR™ playbooks. Add the Microsoft SCCM connector as a step in FortiSOAR™ playbooks and perform automated operations, such as pulling a list of software patches and deploying patches on Device Collections.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • The SCCM server must have Windows Remote Management (WinRM) enabled to run PowerShell commands remotely from your FortiSOAR™ instance. The http or https port configured for WinRM must be opened for requests from your FortiSOAR™ instance. See Microsoft Documentation for information on how to install and configure WinRM.

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In CyOPs™, on the Connectors page, select the Microsoft SCCM connector and click Configure to configure the following parameters:

 

| Parameter | Description |
| --- | --- |
| Address | IP address of the Microsoft SCCM server to which you will connect and perform the automated operations. |
| Username | Username to access the Microsoft SCCM server. |
| Password | Password to access the Microsoft SCCM server. |
| WinRM Port | WinRM port on the Microsoft SCCM server. |
| WinRM Protocol | Protocol used for the remote connection; choose between http and https. By default, https is used. |
| Do Not Fail On WinRM command failure | By default, every operation of the Microsoft SCCM connector fails if the corresponding PowerShell command returns a non-zero status code. If you want to check the error message and take subsequent actions in the playbook based on the error, set this value to True. In that case the connector operations do not fail and they return the following JSON response: {"op_status": -1, "result": "<error message>"}. You can check the status and the result in the subsequent playbook step. By default, this option is set to False. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True. |

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

| Function | Description | Annotation and Category |
| --- | --- | --- |
| Get All Software Updates | Fetches a list of Software Updates available on the SCCM server. | get_patches, Investigation |
| Get All Device Collections | Fetches a list of Device Collections available on the SCCM server. | get_devices, Investigation |
| Deploy Patch | Deploys a software patch that you specify on all clients belonging to a device group that you specify. | deploy_patch, Remediation |

 

operation: Get All Software Updates

Input parameters

None.

Output

The JSON output has the following format:

 

{
    "op_status": <command exit status>,
    "result": "<json list of all software update objects; or the error message in case of failure>"
}

 

The following image displays a sample output:

Sample output of the Get All Software Updates operation

 

operation: Get All Device Collections

Input parameters

None.

Output

The JSON output has the following format:

 

{
    "op_status": <command exit status>,
    "result": "<json list of all device collection objects; or the error message in case of failure>"
}

 

The following image displays a sample output:

Sample output of the Get All Device Collections operation 

operation: Deploy Patch

Input parameters

 

| Parameter | Description |
| --- | --- |
| Software Patch Name | Name of the software patch that you want to deploy. |
| Device Collection Name | Name of the Device Collection to which you want the patch to be deployed. |

 

Note: For the deployment to be successful, the patch must have been downloaded to the distribution point.

Output

The JSON output has the following format:

 

{
    "op_status": <command exit status>,
    "result": "<json list of all deployment attributes; or the error message in case of failure>"
}

 

The following image displays a sample output:

Sample output of the Deploy Patch operation
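
The following is an added example, not code from Fortinet or the connector: a pre-deployment check that unwraps the documented {"op_status", "result"} envelope (as returned when Do Not Fail On WinRM command failure is True) and refuses to proceed unless the patch name and Device Collection name each match exactly one entry. The field names LocalizedDisplayName and Name, the helper names and the sample responses are assumptions, since the page does not show the object schema.

```python
import json

class ConnectorError(Exception):
    """A connector step reported a failure or returned an unusable result."""

def unwrap(response):
    """Return the parsed 'result' list of a connector response, or raise."""
    status, result = response.get("op_status"), response.get("result")
    if status != 0:
        # With "Do Not Fail On WinRM command failure" = True, errors arrive here
        raise ConnectorError(f"op_status={status}: {result}")
    try:
        items = json.loads(result) if isinstance(result, str) else result
    except ValueError as exc:
        raise ConnectorError(f"result is not valid JSON: {exc}") from exc
    if isinstance(items, dict):
        items = [items]  # assumption: a one-element list may arrive unwrapped
    if not isinstance(items, list):
        raise ConnectorError(f"unexpected result type: {type(items).__name__}")
    return items

def check_deploy_inputs(patches_resp, collections_resp, patch_name, collection_name,
                        patch_key="LocalizedDisplayName", collection_key="Name"):
    """List reasons not to call Deploy Patch; an empty list means proceed.

    patch_key and collection_key are assumed field names, not from the page.
    """
    problems = []
    lookups = (("patch", patches_resp, patch_key, patch_name),
               ("device collection", collections_resp, collection_key, collection_name))
    for kind, resp, key, wanted in lookups:
        try:
            names = [item.get(key) for item in unwrap(resp) if isinstance(item, dict)]
        except ConnectorError as exc:
            problems.append(f"{kind} lookup failed: {exc}")
            continue
        hits = names.count(wanted)
        if hits != 1:  # require exactly one exact, case-sensitive match
            problems.append(f"{kind} {wanted!r} matched {hits} entries")
    return problems

# Constructed sample responses in the documented envelope (not real server output)
PATCHES = {"op_status": 0, "result": json.dumps(
    [{"LocalizedDisplayName": "Example Update A"}, {"LocalizedDisplayName": "Example Update B"}])}
COLLECTIONS = {"op_status": 0, "result": json.dumps({"Name": "Pilot Servers"})}
FAILED = {"op_status": -1, "result": "<error message>"}

if __name__ == "__main__":
    print(check_deploy_inputs(PATCHES, COLLECTIONS, "Example Update A", "Pilot Servers"))
    print(check_deploy_inputs(PATCHES, FAILED, "Example Update C", "Pilot Servers"))
```

Running the check between the two Investigation operations and the Remediation step keeps a mistyped or ambiguous name from reaching Deploy Patch.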

 

Included playbooks

The Sample - Microsoft SCCM - 1.0.0 playbook collection comes bundled with the Microsoft SCCM connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Microsoft SCCM connector.

  • Deploy Patch

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.

 
