Tufin v1.0.0

About the connector

The Tufin connector enables you to search for and enforce network security policies, perform network topology searches, and query network device information across managed firewalls, SDNs and cloud environments.

This document provides information about the Tufin connector, which facilitates automated interactions, with a Tufin server using FortiSOAR™ playbooks. Add the Tufin connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching the Tufin topology map, resolving an IP address to network object(s), etc.

For more information on the integration, see https://www.tufin.com/partners/technology/platform/tufin-and-fortinet

Contact support@tufin.com for assistance on the connector

Version information

Connector Version: 1.0.0

FortiSOAR™ Versions Tested on: 6.4.1-2133

Authored By: Tufin

Certified: Yes

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:

yum install cyops-connector-tufin

Prerequisites to configuring the connector

• You must have the IP address or hostname of SecureTrack server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
• You should have credentials of SecureChange with permission to view all tickets, if applicable.
• You should have credentials of SecureApp, if applicable.
• To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Tufin connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter	Description
SecureTrack Server	IP or Hostname of SecureTrack server
SecureTrack User	SecureTrack user name
SecureTrack Password	SecureTrack password
SecureChange Server	IP or Hostname of SecureChange server
SecureChange User	SecureChange user name
SecureChange Password	SecureChange password
SecureApp Server	IP or Hostname of SecureApp server
SecureApp User	SecureApp user name
SecureApp Password	SecureApp password
Verify SSL Certificate	Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks:

Function	Description
Search Topology	Searches the Tufin Topology Map.
Search Topology Image	Searches the Tufin Topology Map, and returns an image.
Resolve Object	Resolves an IP address to a Network Object
Policy Search	Searches the policies of all devices managed by Tufin.
Get Zone for IP	Matches the IP address to the assigned Tufin Zone.
Submit Change Request	Submits a change request to SecureChange.
Search Devices	Searches SecureTrack devices.
Get Change Info	Retrieves information for a SecureChange Ticket. Note: The Ticket ID is retrieved from the Tufin UI.
Search Applications	Searches SecureApp applications.
Search Application Connections	Retrieves connections of the SecureApp application.

operation: Search Topology

Input parameters

Parameter	Description
Source	Source address/addresses (can contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map.
Destination	Destination address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map.
Service	Service parameter can be a port (for example, “tcp:80”, “any”) or an application (for example, “Skype”, “Facebook”), based on which you want to search the tufin topology map.

Output

The output contains the following populated JSON schema:
{
"trafficAllowed": false,
"path": [
{
"id": 0,
"name": "",
"type": "",
"vendor": "",
"incomingInterfaces": [
{
"name": "",
"ip": ""
}
],
"nextDevices": [
{
"name": "",
"routes": [
{
"routeDestination": "",
"nextHopIp": "",
"outgoingInterfaceName": ""
}
]
}
],
"natList": [],
"ipsecList": [],
"pbrEntryList": [],
"bindings": [
{
"name": "",
"rules": [
{
"ruleIdentifier": "",
"sources": [],
"sourceNegated": false,
"destinations": [],
"destNegated": false,
"services": [],
"serviceNegated": false,
"applications": [],
"users": [],
"action": ""
},
{
"ruleIdentifier": "",
"sources": [],
"sourceNegated": false,
"destinations": [],
"destNegated": false,
"services": [],
"serviceNegated": false,
"action": ""
}
],
"enforcedOn": []
}
]
}
]
}

operation: Search Topology Image

Input parameters

Parameter	Description
Source	Source address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map.
Destination	Destination address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map.
Serivce	Service parameter can be a port (for example, “tcp:80”, “any”) or an application (for example, “Skype”, “Facebook”), based on which you want to search the tufin topology map.

Output

The output contains the following populated JSON schema:
{
"@context": "",
"@id": "",
"@type": "",
"name": "",
"description": "",
"file": {},
"type": "",
"createUser": {},
"createDate": 0,
"modifyUser": {},
"modifyDate": 0,
"recordTags": "",
"id": 0
}

operation: Resolve Object

Input parameters

Parameter	Description
IP Address	IP Address that you want to resolve to a network object.

Output

The output contains the following populated JSON schema:
{
"output": [
{
"object_name": "",
"device": "",
"comment": ""
}
]
}

operation: Policy Search

Input parameters

Parameter	Description
Search	The text format is for a field is fieldname:text for example source:192.168.1.1 or bareword for free text search, based on which you want to search policies of all devices managed by Tufin. See the search info documentation in Securetrack Policy Browser page for more information.

Output

The output contains the following populated JSON schema:
{
"output": [
{
"Device": "",
"Source": [],
"Source Service": [],
"Destination": [],
"Destination Service": [],
"Action": ""
}
]
}

operation: Get Zone for IP

Input parameters

Parameter	Description
IP Address	IP Address used to query for the Tufin zone.

Output

The output contains the following populated JSON schema:
{
"output": [
{
"Name": "",
"ID": ""
}
]
}

operation: Submit Change Request

Input parameters

Parameter	Description
Request Type	Type of change request you want to submit to SecureChange.
Request Priority	Priority of change request you want to submit to SecureChange.
Source or Target	Source or target IP or FQDN
Destination (Mandatory for FW Change)	Destination (Mandatory for FW Change)
Protocol (Mandatory for FW Change)	Protocol (Mandatory for FW Change)
Port (Mandatory for FW Change)	Port (Mandatory for FW Change)
Action (Mandatory for FW Change)	Action (Mandatory for FW Change)
Comment	Comment to be added to the Ticket you want to submit to SecureChange.
Subject	Subject to be added to the Ticket you want to submit to SecureChange.

Output

The output contains the following populated JSON schema:
{
"status": ""
}

operation: Search Devices

Input parameters

Parameter	Description
Device Name	Name of the device that you want to search in SecureTrack.
Device IP	IP of the device that you want to search in SecureTrack.
Device Vendor	Vendor of the device that you want to search in SecureTrack.
Device Model	Model of the device that you want to search in SecureTrack.

Output

The output contains the following populated JSON schema:
{
"output": [
{
"ID": "",
"Name": "",
"IP": "",
"Vendor": "",
"Model": ""
}
]
}

operation: Get Change Info

Input parameters

Parameter	Description
Ticket ID	SecureChange ticket ID whose change information you want to retrieve from SecureChange.

Output

The output contains the following populated JSON schema:
{
"ID": "",
"Subject": "",
"Priority": "",
"Status": "",
"CurrentStep": "",
"Requester": "",
"WorkflowID": 0,
"WorkflowName": ""
}

operation: Search Applications

Input parameters

Parameter	Description
Application Name	Name of the application that you want to search for in SecureApp.

Output

The output contains the following populated JSON schema:
{
"ID": 0,
"Name": "",
"Status": "",
"Decommissioned": false,
"OwnerID": 0,
"OwnerName": "",
"Comments": ""
}

operation: Search Application Connections

Input parameters

Parameter	Description
Application ID	ID of the application whose connectors you want to search for in SecureApp.

Output

The output contains the following populated JSON schema:

{
"ID": 0,
"Name": "",
"ApID": 0,
"Status": "",
"External": false,
"Source": [
{
"ID": 0,
"Type": "",
"Name": ""
}
],
"Destination": [
{
"ID": 0,
"Type": "",
"Name": ""
}
],
"Service": [
{
"ID": 0,
"Name": ""
}
],
"Comment": ""
}

Included playbooks

The Sample-Tufin-1.0.0 playbook collection comes bundled with the Tufin connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Tufin connector.

• Contain Host
• Enrich IP Address
• Enrich Source and Destination IP Addresses

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Troubleshooting Information

Contact Tufin support at support@tufin.com, or submit a request through the Tufin portal.