The Tufin connector enables you to search for and enforce network security policies, perform network topology searches, and query network device information across managed firewalls, SDNs and cloud environments.
This document provides information about the Tufin connector, which facilitates automated interactions, with a Tufin server using FortiSOAR™ playbooks. Add the Tufin connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching the Tufin topology map, resolving an IP address to network object(s), etc.
For more information on the integration, see https://www.tufin.com/partners/technology/platform/tufin-and-fortinet
Contact support@tufin.com for assistance on the connector
Connector Version: 1.0.0
FortiSOAR™ Versions Tested on: 6.4.1-2133
Authored By: Tufin
Certified: Yes
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-tufin
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Tufin connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
SecureTrack Server | IP or Hostname of SecureTrack server |
SecureTrack User | SecureTrack user name |
SecureTrack Password | SecureTrack password |
SecureChange Server | IP or Hostname of SecureChange server |
SecureChange User | SecureChange user name |
SecureChange Password | SecureChange password |
SecureApp Server | IP or Hostname of SecureApp server |
SecureApp User | SecureApp user name |
SecureApp Password | SecureApp password |
Verify SSL Certificate | Specifies whether the SSL certificate for the server is to be verified or not. |
The following automated operations can be included in playbooks:
Function | Description |
---|---|
Search Topology | Searches the Tufin Topology Map. |
Search Topology Image | Searches the Tufin Topology Map, and returns an image. |
Resolve Object | Resolves an IP address to a Network Object |
Policy Search | Searches the policies of all devices managed by Tufin. |
Get Zone for IP | Matches the IP address to the assigned Tufin Zone. |
Submit Change Request | Submits a change request to SecureChange. |
Search Devices | Searches SecureTrack devices. |
Get Change Info | Retrieves information for a SecureChange Ticket. Note: The Ticket ID is retrieved from the Tufin UI. |
Search Applications | Searches SecureApp applications. |
Search Application Connections | Retrieves connections of the SecureApp application. |
Parameter | Description |
---|---|
Source | Source address/addresses (can contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Destination | Destination address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Service | Service parameter can be a port (for example, “tcp:80”, “any”) or an application (for example, “Skype”, “Facebook”), based on which you want to search the tufin topology map. |
The output contains the following populated JSON schema:
{
"trafficAllowed": false,
"path": [
{
"id": 0,
"name": "",
"type": "",
"vendor": "",
"incomingInterfaces": [
{
"name": "",
"ip": ""
}
],
"nextDevices": [
{
"name": "",
"routes": [
{
"routeDestination": "",
"nextHopIp": "",
"outgoingInterfaceName": ""
}
]
}
],
"natList": [],
"ipsecList": [],
"pbrEntryList": [],
"bindings": [
{
"name": "",
"rules": [
{
"ruleIdentifier": "",
"sources": [],
"sourceNegated": false,
"destinations": [],
"destNegated": false,
"services": [],
"serviceNegated": false,
"applications": [],
"users": [],
"action": ""
},
{
"ruleIdentifier": "",
"sources": [],
"sourceNegated": false,
"destinations": [],
"destNegated": false,
"services": [],
"serviceNegated": false,
"action": ""
}
],
"enforcedOn": []
}
]
}
]
}
Parameter | Description |
---|---|
Source | Source address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Destination | Destination address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Serivce | Service parameter can be a port (for example, “tcp:80”, “any”) or an application (for example, “Skype”, “Facebook”), based on which you want to search the tufin topology map. |
The output contains the following populated JSON schema:
{
"@context": "",
"@id": "",
"@type": "",
"name": "",
"description": "",
"file": {},
"type": "",
"createUser": {},
"createDate": 0,
"modifyUser": {},
"modifyDate": 0,
"recordTags": "",
"id": 0
}
Parameter | Description |
---|---|
IP Address | IP Address that you want to resolve to a network object. |
The output contains the following populated JSON schema:
{
"output": [
{
"object_name": "",
"device": "",
"comment": ""
}
]
}
Parameter | Description |
---|---|
Search | The text format is for a field is fieldname:text for example source:192.168.1.1 or bareword for free text search, based on which you want to search policies of all devices managed by Tufin. See the search info documentation in Securetrack Policy Browser page for more information. |
The output contains the following populated JSON schema:
{
"output": [
{
"Device": "",
"Source": [],
"Source Service": [],
"Destination": [],
"Destination Service": [],
"Action": ""
}
]
}
Parameter | Description |
---|---|
IP Address | IP Address used to query for the Tufin zone. |
The output contains the following populated JSON schema:
{
"output": [
{
"Name": "",
"ID": ""
}
]
}
Parameter | Description |
---|---|
Request Type | Type of change request you want to submit to SecureChange. |
Request Priority | Priority of change request you want to submit to SecureChange. |
Source or Target | Source or target IP or FQDN |
Destination (Mandatory for FW Change) | Destination (Mandatory for FW Change) |
Protocol (Mandatory for FW Change) | Protocol (Mandatory for FW Change) |
Port (Mandatory for FW Change) | Port (Mandatory for FW Change) |
Action (Mandatory for FW Change) | Action (Mandatory for FW Change) |
Comment | Comment to be added to the Ticket you want to submit to SecureChange. |
Subject | Subject to be added to the Ticket you want to submit to SecureChange. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Device Name | Name of the device that you want to search in SecureTrack. |
Device IP | IP of the device that you want to search in SecureTrack. |
Device Vendor | Vendor of the device that you want to search in SecureTrack. |
Device Model | Model of the device that you want to search in SecureTrack. |
The output contains the following populated JSON schema:
{
"output": [
{
"ID": "",
"Name": "",
"IP": "",
"Vendor": "",
"Model": ""
}
]
}
Parameter | Description |
---|---|
Ticket ID | SecureChange ticket ID whose change information you want to retrieve from SecureChange. |
The output contains the following populated JSON schema:
{
"ID": "",
"Subject": "",
"Priority": "",
"Status": "",
"CurrentStep": "",
"Requester": "",
"WorkflowID": 0,
"WorkflowName": ""
}
Parameter | Description |
---|---|
Application Name | Name of the application that you want to search for in SecureApp. |
The output contains the following populated JSON schema:
{
"ID": 0,
"Name": "",
"Status": "",
"Decommissioned": false,
"OwnerID": 0,
"OwnerName": "",
"Comments": ""
}
Parameter | Description |
---|---|
Application ID | ID of the application whose connectors you want to search for in SecureApp. |
The output contains the following populated JSON schema:
{
"ID": 0,
"Name": "",
"ApID": 0,
"Status": "",
"External": false,
"Source": [
{
"ID": 0,
"Type": "",
"Name": ""
}
],
"Destination": [
{
"ID": 0,
"Type": "",
"Name": ""
}
],
"Service": [
{
"ID": 0,
"Name": ""
}
],
"Comment": ""
}
The Sample-Tufin-1.0.0
playbook collection comes bundled with the Tufin connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Tufin connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
Contact Tufin support at support@tufin.com, or submit a request through the Tufin portal.
The Tufin connector enables you to search for and enforce network security policies, perform network topology searches, and query network device information across managed firewalls, SDNs and cloud environments.
This document provides information about the Tufin connector, which facilitates automated interactions, with a Tufin server using FortiSOAR™ playbooks. Add the Tufin connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching the Tufin topology map, resolving an IP address to network object(s), etc.
For more information on the integration, see https://www.tufin.com/partners/technology/platform/tufin-and-fortinet
Contact support@tufin.com for assistance on the connector
Connector Version: 1.0.0
FortiSOAR™ Versions Tested on: 6.4.1-2133
Authored By: Tufin
Certified: Yes
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-tufin
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Tufin connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
SecureTrack Server | IP or Hostname of SecureTrack server |
SecureTrack User | SecureTrack user name |
SecureTrack Password | SecureTrack password |
SecureChange Server | IP or Hostname of SecureChange server |
SecureChange User | SecureChange user name |
SecureChange Password | SecureChange password |
SecureApp Server | IP or Hostname of SecureApp server |
SecureApp User | SecureApp user name |
SecureApp Password | SecureApp password |
Verify SSL Certificate | Specifies whether the SSL certificate for the server is to be verified or not. |
The following automated operations can be included in playbooks:
Function | Description |
---|---|
Search Topology | Searches the Tufin Topology Map. |
Search Topology Image | Searches the Tufin Topology Map, and returns an image. |
Resolve Object | Resolves an IP address to a Network Object |
Policy Search | Searches the policies of all devices managed by Tufin. |
Get Zone for IP | Matches the IP address to the assigned Tufin Zone. |
Submit Change Request | Submits a change request to SecureChange. |
Search Devices | Searches SecureTrack devices. |
Get Change Info | Retrieves information for a SecureChange Ticket. Note: The Ticket ID is retrieved from the Tufin UI. |
Search Applications | Searches SecureApp applications. |
Search Application Connections | Retrieves connections of the SecureApp application. |
Parameter | Description |
---|---|
Source | Source address/addresses (can contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Destination | Destination address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Service | Service parameter can be a port (for example, “tcp:80”, “any”) or an application (for example, “Skype”, “Facebook”), based on which you want to search the tufin topology map. |
The output contains the following populated JSON schema:
{
"trafficAllowed": false,
"path": [
{
"id": 0,
"name": "",
"type": "",
"vendor": "",
"incomingInterfaces": [
{
"name": "",
"ip": ""
}
],
"nextDevices": [
{
"name": "",
"routes": [
{
"routeDestination": "",
"nextHopIp": "",
"outgoingInterfaceName": ""
}
]
}
],
"natList": [],
"ipsecList": [],
"pbrEntryList": [],
"bindings": [
{
"name": "",
"rules": [
{
"ruleIdentifier": "",
"sources": [],
"sourceNegated": false,
"destinations": [],
"destNegated": false,
"services": [],
"serviceNegated": false,
"applications": [],
"users": [],
"action": ""
},
{
"ruleIdentifier": "",
"sources": [],
"sourceNegated": false,
"destinations": [],
"destNegated": false,
"services": [],
"serviceNegated": false,
"action": ""
}
],
"enforcedOn": []
}
]
}
]
}
Parameter | Description |
---|---|
Source | Source address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Destination | Destination address/addresses (may contain multiple, comma separated values) e.g. 192.168.100.32 or 192.168.100.32/32,192.168.100.33, based on which you want to search the tufin topology map. |
Serivce | Service parameter can be a port (for example, “tcp:80”, “any”) or an application (for example, “Skype”, “Facebook”), based on which you want to search the tufin topology map. |
The output contains the following populated JSON schema:
{
"@context": "",
"@id": "",
"@type": "",
"name": "",
"description": "",
"file": {},
"type": "",
"createUser": {},
"createDate": 0,
"modifyUser": {},
"modifyDate": 0,
"recordTags": "",
"id": 0
}
Parameter | Description |
---|---|
IP Address | IP Address that you want to resolve to a network object. |
The output contains the following populated JSON schema:
{
"output": [
{
"object_name": "",
"device": "",
"comment": ""
}
]
}
Parameter | Description |
---|---|
Search | The text format is for a field is fieldname:text for example source:192.168.1.1 or bareword for free text search, based on which you want to search policies of all devices managed by Tufin. See the search info documentation in Securetrack Policy Browser page for more information. |
The output contains the following populated JSON schema:
{
"output": [
{
"Device": "",
"Source": [],
"Source Service": [],
"Destination": [],
"Destination Service": [],
"Action": ""
}
]
}
Parameter | Description |
---|---|
IP Address | IP Address used to query for the Tufin zone. |
The output contains the following populated JSON schema:
{
"output": [
{
"Name": "",
"ID": ""
}
]
}
Parameter | Description |
---|---|
Request Type | Type of change request you want to submit to SecureChange. |
Request Priority | Priority of change request you want to submit to SecureChange. |
Source or Target | Source or target IP or FQDN |
Destination (Mandatory for FW Change) | Destination (Mandatory for FW Change) |
Protocol (Mandatory for FW Change) | Protocol (Mandatory for FW Change) |
Port (Mandatory for FW Change) | Port (Mandatory for FW Change) |
Action (Mandatory for FW Change) | Action (Mandatory for FW Change) |
Comment | Comment to be added to the Ticket you want to submit to SecureChange. |
Subject | Subject to be added to the Ticket you want to submit to SecureChange. |
The output contains the following populated JSON schema:
{
"status": ""
}
Parameter | Description |
---|---|
Device Name | Name of the device that you want to search in SecureTrack. |
Device IP | IP of the device that you want to search in SecureTrack. |
Device Vendor | Vendor of the device that you want to search in SecureTrack. |
Device Model | Model of the device that you want to search in SecureTrack. |
The output contains the following populated JSON schema:
{
"output": [
{
"ID": "",
"Name": "",
"IP": "",
"Vendor": "",
"Model": ""
}
]
}
Parameter | Description |
---|---|
Ticket ID | SecureChange ticket ID whose change information you want to retrieve from SecureChange. |
The output contains the following populated JSON schema:
{
"ID": "",
"Subject": "",
"Priority": "",
"Status": "",
"CurrentStep": "",
"Requester": "",
"WorkflowID": 0,
"WorkflowName": ""
}
Parameter | Description |
---|---|
Application Name | Name of the application that you want to search for in SecureApp. |
The output contains the following populated JSON schema:
{
"ID": 0,
"Name": "",
"Status": "",
"Decommissioned": false,
"OwnerID": 0,
"OwnerName": "",
"Comments": ""
}
Parameter | Description |
---|---|
Application ID | ID of the application whose connectors you want to search for in SecureApp. |
The output contains the following populated JSON schema:
{
"ID": 0,
"Name": "",
"ApID": 0,
"Status": "",
"External": false,
"Source": [
{
"ID": 0,
"Type": "",
"Name": ""
}
],
"Destination": [
{
"ID": 0,
"Type": "",
"Name": ""
}
],
"Service": [
{
"ID": 0,
"Name": ""
}
],
"Comment": ""
}
The Sample-Tufin-1.0.0
playbook collection comes bundled with the Tufin connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Tufin connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
Contact Tufin support at support@tufin.com, or submit a request through the Tufin portal.