Fortinet black logo

Skybox Security

Skybox Security v1.0.0

1.0.0
Copy Link
Copy Doc ID 87b8fbb8-a4bb-11ea-8b7d-00505692583a:17

About the connector

Skybox Security arms security professionals with the broadest platform of solutions for security operations, analytics, and reporting.

This document provides information about the FortiSOAR™ connector, which facilitates automated interactions, with a Skybox Security server using FortiSOAR™ playbooks. Add the Skybox Security connector as a step in FortiSOAR™ playbooks and perform automated operations such as looking up the existence of the IP address among the model's assets and retrieving information of the asset from Skybox.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 6.4.0-1555

Skybox Security Version Tested on: 10.1.205 (Build 41)

Authored By: Fortinet

Certified: Yes

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-skybox-security

Prerequisites to configuring the connector

  • You must have the URL of Skybox Security server to which you will connect and perform automated operations and credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Skybox Security connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL URL of the Skybox security to which you will connect and perform automated operations.
Username Username to access the Skybox server to which you will connect and perform the automated operations.
Password Password to access the Skybox server to which you will connect and perform the automated operations.
Port Port number used to access the Skybox server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Lookup IP Checks Skybox for the existence of the IP address among the model's assets based on the IP address you have specified. lookup_ip_address
Investigation
Get Assets Retrieves information of the asset from Skybox based on the asset name you have specified. get_assets_by_names
Investigation

operation: Lookup IP

Input parameters

Parameter Description
IP Address IP address that you want to lookup on Skybox.

Output

The output contains the following populated JSON schema:
{
"assets": [
{
"accessRules": "",
"id": "",
"interfaces": "",
"name": "",
"netInterface": [
{
"id": "",
"ipAddress": "",
"name": "",
"type": ""
}
],
"os": "",
"osVendor": "",
"osVersion": "",
"primaryIp": "",
"routingRules": "",
"services": "",
"status": "",
"type": "",
"vulnerabilities": ""
}
],
"status": {
"code": ""
}
}

operation: Get Assets

Input parameters

Parameter Description
Asset Name Name of the asset whose information you want to retrieve from Skybox.

Output

The output contains the following populated JSON schema:
{
"assets": [
{
"accessRules": "",
"id": "",
"interfaces": "",
"name": "",
"netInterface": [
{
"id": "",
"ipAddress": "",
"name": "",
"type": ""
}
],
"os": "",
"osVendor": "",
"osVersion": "",
"primaryIp": "",
"routingRules": "",
"services": "",
"status": "",
"type": "",
"vulnerabilities": ""
}
],
"status": {
"code": ""
}
}

Included playbooks

The Sample - Skybox Security - 1.0.0 playbook collection comes bundled with the Skybox Security connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Skybox Security connector.

  • Get Assets
  • Lookup IP

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next

About the connector

Skybox Security arms security professionals with the broadest platform of solutions for security operations, analytics, and reporting.

This document provides information about the FortiSOAR™ connector, which facilitates automated interactions, with a Skybox Security server using FortiSOAR™ playbooks. Add the Skybox Security connector as a step in FortiSOAR™ playbooks and perform automated operations such as looking up the existence of the IP address among the model's assets and retrieving information of the asset from Skybox.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 6.4.0-1555

Skybox Security Version Tested on: 10.1.205 (Build 41)

Authored By: Fortinet

Certified: Yes

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-skybox-security

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Skybox Security connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL URL of the Skybox security to which you will connect and perform automated operations.
Username Username to access the Skybox server to which you will connect and perform the automated operations.
Password Password to access the Skybox server to which you will connect and perform the automated operations.
Port Port number used to access the Skybox server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Lookup IP Checks Skybox for the existence of the IP address among the model's assets based on the IP address you have specified. lookup_ip_address
Investigation
Get Assets Retrieves information of the asset from Skybox based on the asset name you have specified. get_assets_by_names
Investigation

operation: Lookup IP

Input parameters

Parameter Description
IP Address IP address that you want to lookup on Skybox.

Output

The output contains the following populated JSON schema:
{
"assets": [
{
"accessRules": "",
"id": "",
"interfaces": "",
"name": "",
"netInterface": [
{
"id": "",
"ipAddress": "",
"name": "",
"type": ""
}
],
"os": "",
"osVendor": "",
"osVersion": "",
"primaryIp": "",
"routingRules": "",
"services": "",
"status": "",
"type": "",
"vulnerabilities": ""
}
],
"status": {
"code": ""
}
}

operation: Get Assets

Input parameters

Parameter Description
Asset Name Name of the asset whose information you want to retrieve from Skybox.

Output

The output contains the following populated JSON schema:
{
"assets": [
{
"accessRules": "",
"id": "",
"interfaces": "",
"name": "",
"netInterface": [
{
"id": "",
"ipAddress": "",
"name": "",
"type": ""
}
],
"os": "",
"osVendor": "",
"osVersion": "",
"primaryIp": "",
"routingRules": "",
"services": "",
"status": "",
"type": "",
"vulnerabilities": ""
}
],
"status": {
"code": ""
}
}

Included playbooks

The Sample - Skybox Security - 1.0.0 playbook collection comes bundled with the Skybox Security connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Skybox Security connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next