Fortinet Document Library

About the connector

Symantec ICA is an advanced cyber risk analytics solution that helps organizations identify and act on risks.

This document provides information about the Symantec ICA connector, which facilitates automated interactions with Symantec ICA using FortiSOAR™ playbooks. Add the Symantec ICA connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving risk scores for entities such as users, IPs, and hosts from Symantec ICA.

Version information

Connector Version: 1.0.0

Authored By: Bay Dynamics

Certified: No


Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-symantec-ica

For the detailed procedure to install a connector, click here.


Configuring the connector

For the procedure to configure a connector, click here.


Actions supported by the connector

The following automated operations can be included in playbooks. From FortiSOAR™ release 4.10.0 onwards, you can also use the annotations listed in the table to access these operations:


Function | Description | Annotation | Category
Get Host Risk | Retrieves the latest risk score for a host from Symantec ICA, based on the hostname you have specified. | get_host_risk | Investigation
Get IP Risk | Retrieves the latest risk score for an IP address from Symantec ICA, based on the IP address you have specified. | get_ip_risk | Investigation
Get User Risk | Retrieves the latest risk score for a user from Symantec ICA, based on the username you have specified. | get_user_risk | Investigation
Get Risk Model Instances | Retrieves the details for risk model instances from Symantec ICA. | get_risk_model_instances | Investigation
Get Risk Model Instance | Retrieves the details for a risk model instance from Symantec ICA, based on the risk model instance ID you have specified. | get_risk_model_details | Investigation
Get Action Plans | Retrieves the details for action plans from Symantec ICA. | get_action_plans | Investigation
Create Comment on Action Plan | Creates a comment on an action plan in Symantec ICA, based on the risk model action plan GUID you have specified. | set_action_plan_comment | Investigation
Set Event Classifications | Sets classifications for events in Symantec ICA, based on the risk model instance ID, Card Instance ID, and Focus Entity ID you have specified. | set_event_classifications | Investigation
Set Event Mitigations | Sets mitigations for events in Symantec ICA, based on the risk model instance ID, Card Instance ID, and Focus Entity ID you have specified. | set_event_mitigations | Investigation
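Each operation above takes a different set of inputs, and a playbook that passes an empty or malformed hostname, IP, or GUID wastes a connector call and may return a misleading empty result. The following added example (not part of the connector or of this page) is a small pre-flight check that a playbook author can run before the connector step; the parameter names (hostname, ip, username, instance_id, card_instance_id, focus_entity_id, action_plan_guid, comment) are assumptions, not the connector's own parameter names.

```python
"""Pre-flight validation of inputs for Symantec ICA connector steps.

Added example, not connector code. Maps each operation annotation to the
inputs the operations table says it requires and checks them before the
playbook step runs. Parameter names are assumptions.
"""
import ipaddress
import re
import uuid

# Required inputs per annotation, taken from the operations table.
REQUIRED = {
    "get_host_risk": ("hostname",),
    "get_ip_risk": ("ip",),
    "get_user_risk": ("username",),
    "get_risk_model_instances": (),
    "get_risk_model_details": ("instance_id",),
    "get_action_plans": (),
    "set_action_plan_comment": ("action_plan_guid", "comment"),
    "set_event_classifications": ("instance_id", "card_instance_id", "focus_entity_id"),
    "set_event_mitigations": ("instance_id", "card_instance_id", "focus_entity_id"),
}

# RFC 1123 label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _valid_hostname(value):
    return 0 < len(value) <= 253 and all(_LABEL.match(p) for p in value.rstrip(".").split("."))

def _valid_ip(value):
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        return True
    except ValueError:
        return False

def _valid_guid(value):
    try:
        uuid.UUID(value)  # the action plan identifier is a GUID per the table
        return True
    except ValueError:
        return False

# Format checks for the inputs whose shape the page specifies.
CHECKS = {"hostname": _valid_hostname, "ip": _valid_ip, "action_plan_guid": _valid_guid}

def validate_params(annotation, params):
    """Return a list of problems; an empty list means the step may run."""
    if annotation not in REQUIRED:
        return [f"unknown operation: {annotation}"]
    problems = []
    for name in REQUIRED[annotation]:
        value = str(params.get(name, "")).strip()
        if not value:
            problems.append(f"missing parameter: {name}")
        elif name in CHECKS and not CHECKS[name](value):
            problems.append(f"malformed {name}: {value!r}")
    return problems
```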

 

Included playbooks

The Sample - Symantec-ICA - 1.0.0 playbook collection comes bundled with the Symantec ICA connector. This playbook collection contains steps that perform each of the supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec ICA connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
