About the connector

Maxmind GeoIP2 Precision Services offers industry-leading IP intelligence data, updated weekly. The Country service works best for customers who only need to know the country of an IP address. Country names are available in English, Simplified Chinese, German, Spanish, French, Japanese, Portuguese, and Russian. The City service provides the most accurate information about the location of an IP address, down to the zip or postal code level, and identifies the associated ISP or organization.

This document provides information about the Maxmind connector, which facilitates automated interactions with a Maxmind server using FortiSOAR™ playbooks. Add the Maxmind connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information about a specified IP and getting insight information about a specified IP.

Version information

Connector Version: 1.0.1

FortiSOAR™ Version Tested on:  4.9.0.0-708 and later

Maxmind GeoIP2 Precision Services Version Tested on: 2.1

Authored By: Fortinet.

Certified: Yes

Release Notes for version 1.0.1

The following enhancements have been made to the Maxmind Connector in version 1.0.1:

  • Masked the text entered in the Password field on the Configuration page.

  • Added a link to the online help.

  • Merged the Get City Details, Get Country Details, and Get Insight Details functions into a single function, named Get Specific Details of IP. 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-maxmind

For the procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the Maxmind server and credentials to access the server to which you will connect and perform the automated operations.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Maxmind connector and click Configure to configure the following parameters:

| Parameter | Description |
| --- | --- |
| Server URL | URL of the Maxmind server to which you will connect and perform the automated operations. |
| Maxmind Userid | Username to access the Maxmind server. |
| Maxmind License Key | License key to access the Maxmind server. |
| Verify SSL | Verify SSL connection to the Maxmind server. Defaults to True. |

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

| Function | Description | Annotation and Category |
| --- | --- | --- |
| Get All Details of IP | Retrieves all the information related to the specified IP address. | ip_details, Investigation |
| Get Specific Details of IP | Retrieves city, country, or insight information of the specified IP address. Insight information provides additional details about the IP such as traits, user types, and organization. | ip_details, Investigation |

 

operation: Get All Details of IP

Input parameters

| Parameter | Description |
| --- | --- |
| IP Address | IP address for which you retrieve information. |

Output

The JSON output contains all the details of the specified IP.

The following image displays a sample output:

 

operation: Get Specific Details of IP

Input parameters

| Parameter | Description |
| --- | --- |
| IP Address | IP address for which you retrieve information. |
| Operation Name | Name of the operation, or information, based on which you want to retrieve details for the IP. For example, if you specify city, then the city details of the specified IP are retrieved. |

Output

The JSON output contains the specific details, such as city, country, or insight details, of the specified IP.

The following image displays a sample output for city information of the specified IP:

 

The following image displays a sample output of the country details of the specified IP:

 

The following image displays a sample output of the insight details of the specified IP:
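An added example, not the connector's own code: this Python code validates the IP Address and Operation Name inputs, applies the Verify SSL setting, builds the lookup request without sending it, and parses a constructed response. The `/geoip/v2.1/` path, the `insights` segment, and the JSON field names are assumptions based on MaxMind's GeoIP2 web service and do not come from this page; `build_lookup` and `summarize` are hypothetical names.

```python
import base64
import ipaddress
import json
import ssl
import urllib.request

# Page's operation names -> URL path segment. The "insights" segment and the
# /geoip/v2.1/ path are assumptions taken from MaxMind's web service.
OPERATIONS = {"city": "city", "country": "country", "insight": "insights"}

def build_lookup(server_url, user_id, license_key, ip, operation, verify_ssl=True):
    """Validate the inputs and return (Request, SSLContext) without sending."""
    addr = ipaddress.ip_address(ip)  # ValueError on malformed input
    if not addr.is_global:
        # Private and reserved addresses have no geolocation; keep them on-site.
        raise ValueError(f"{ip} is not a public address")
    if operation not in OPERATIONS:
        raise ValueError(f"unsupported operation: {operation}")
    if not server_url.lower().startswith("https://"):
        raise ValueError("server URL must use https")
    url = f"{server_url.rstrip('/')}/geoip/v2.1/{OPERATIONS[operation]}/{addr}"
    token = base64.b64encode(f"{user_id}:{license_key}".encode()).decode()
    req = urllib.request.Request(
        url, headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    if not verify_ssl:
        # Equivalent of Verify SSL = False: the license key is then sent to
        # whichever host answers, so reserve this for lab use.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return req, ctx

def summarize(body):
    """Pull the fields an analyst pivots on; absent keys become None."""
    doc = json.loads(body)
    traits = doc.get("traits", {})
    return {
        "country": doc.get("country", {}).get("iso_code"),
        "city": doc.get("city", {}).get("names", {}).get("en"),
        "postal": doc.get("postal", {}).get("code"),
        "isp": traits.get("isp"),
        "organization": traits.get("organization"),
    }

# Constructed sample response; values are made up for the example.
SAMPLE = json.dumps({
    "city": {"names": {"en": "Example City"}}, "country": {"iso_code": "US"},
    "postal": {"code": "00000"},
    "traits": {"ip_address": "8.8.8.8", "isp": "Example ISP"}})
```

To send the request, pass both return values to `urllib.request.urlopen(req, context=ctx)`.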

 

Included playbooks

The Sample - Maxmind - 1.0.1 playbook collection comes bundled with the Maxmind connector. This playbook contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Maxmind connector.

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.

 
