Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

The Spamhaus Project is responsible for compiling several widely used anti-spam lists. Many internet service providers (ISPs) and email servers use these anti-spam lists to reduce the amount of spam that reaches their users. Spamhaus is a real-time threat and reputation blocklists which are responsible for blocking the vast majority of spam and malware sent out on the Internet. Spamhaus data is used today by the majority of the Internet's ISPs, email service providers, corporations, universities, governments and military networks.

 

This document provides information about the Spamhaus connector, which facilitates automated interactions, with a Spamhaus server using FortiSOAR™ playbooks. Add the Spamhaus connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up domains, IP addresses, and URLs to check if they are present in the Spamhaus blocklists.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

 

Prerequisites to configuring the connector

To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

 

You do not require to configure this connector since it looks up the freely accessible Spamhaus blocklists.

For the description of the Connector page and other details, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Lookup Domain Looks up the domain name that you have specified to check if that domain is currently listed in the live Spamhaus Domain Blocklist (DBL) and retrieves the reputation of the specified domain from Spamhaus. get_domain_reputation
Investigation
Lookup IP Looks up the IP address that you have specified to check if that IP address is currently listed in the live Spamhaus IP Blocklist and retrieves the reputation of the specified IP address from Spamhaus. get_ip_reputation
Investigation
Lookup URL Looks up the URL that you have specified to check if that URL is currently listed in the live Spamhaus Blocklist and retrieves the reputation of the specified URL from Spamhaus. get_url_reputation
Investigation

 

operation: Lookup Domain

Input parameters

 

Parameter Description
Domain Name of the domain that you want to check against the live Spamhaus Domain Blocklist.

 

Output

The JSON output contains the reputation information, for the domain you have specified, retrieved from Spamhaus.

Following image displays a sample output:

 

Sample output of the Lookup Domain operation

 

operation: Lookup IP

Input parameters

 

Parameter Description
IP IP address that you want to check against the live Spamhaus IP Blocklist.

 

Output

The JSON output contains the reputation information, for the IP address you have specified, retrieved from Spamhaus.

Following image displays a sample output:

 

Sample output of the Lookup IP operation

 

operation: Lookup URL

Input parameters

 

Parameter Description
URL URL that you want to check against the live Spamhaus Blocklist.

 

Output

The JSON output contains the reputation information, for the URL you have specified, retrieved from Spamhaus.

Following image displays a sample output:

 

Sample output of the Lookup URL operation

 

Included playbooks

The Sample - Spamhaus - 1.0.0 playbook collection comes bundled with the Spamhaus connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Spamhaus connector.

  • Lookup Domain
  • Lookup IP
  • Lookup URL

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

The Spamhaus Project is responsible for compiling several widely used anti-spam lists. Many internet service providers (ISPs) and email servers use these anti-spam lists to reduce the amount of spam that reaches their users. Spamhaus is a real-time threat and reputation blocklists which are responsible for blocking the vast majority of spam and malware sent out on the Internet. Spamhaus data is used today by the majority of the Internet's ISPs, email service providers, corporations, universities, governments and military networks.

 

This document provides information about the Spamhaus connector, which facilitates automated interactions, with a Spamhaus server using FortiSOAR™ playbooks. Add the Spamhaus connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up domains, IP addresses, and URLs to check if they are present in the Spamhaus blocklists.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

 

Prerequisites to configuring the connector

To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

 

You do not require to configure this connector since it looks up the freely accessible Spamhaus blocklists.

For the description of the Connector page and other details, click here.

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Lookup Domain Looks up the domain name that you have specified to check if that domain is currently listed in the live Spamhaus Domain Blocklist (DBL) and retrieves the reputation of the specified domain from Spamhaus. get_domain_reputation
Investigation
Lookup IP Looks up the IP address that you have specified to check if that IP address is currently listed in the live Spamhaus IP Blocklist and retrieves the reputation of the specified IP address from Spamhaus. get_ip_reputation
Investigation
Lookup URL Looks up the URL that you have specified to check if that URL is currently listed in the live Spamhaus Blocklist and retrieves the reputation of the specified URL from Spamhaus. get_url_reputation
Investigation

 

operation: Lookup Domain

Input parameters

 

Parameter Description
Domain Name of the domain that you want to check against the live Spamhaus Domain Blocklist.

 

Output

The JSON output contains the reputation information, for the domain you have specified, retrieved from Spamhaus.

Following image displays a sample output:

 

Sample output of the Lookup Domain operation

 

operation: Lookup IP

Input parameters

 

Parameter Description
IP IP address that you want to check against the live Spamhaus IP Blocklist.

 

Output

The JSON output contains the reputation information, for the IP address you have specified, retrieved from Spamhaus.

Following image displays a sample output:

 

Sample output of the Lookup IP operation

 

operation: Lookup URL

Input parameters

 

Parameter Description
URL URL that you want to check against the live Spamhaus Blocklist.

 

Output

The JSON output contains the reputation information, for the URL you have specified, retrieved from Spamhaus.

Following image displays a sample output:

 

Sample output of the Lookup URL operation

 

Included playbooks

The Sample - Spamhaus - 1.0.0 playbook collection comes bundled with the Spamhaus connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Spamhaus connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.