Pensando's Policy and Services Manager (PSM) is a distributed system that leverages an intent-based model to deliver network and security policy to Pensando Distributed Services Cards for services implementation at the edge.
This document provides information about the Pensando Policy Service Manager Connector, which facilitates automated interactions, with a Pensando Policy Service Manager server using FortiSOAR™ playbooks. Add the Pensando Policy Service Manager connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of network security policies from the Pensando PSM server, enabling Mirror Traffic Export of traffic flows for a source IP on the Pensando PSM server, removing the complete IOC block list from the Pensando PSM Server, etc.
Connector Version: 1.0.1
Authored By: Community
Certified: No
Following enhancements have been made to the Pensando Policy Service Manager connector in version 1.0.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-pensando-policy-servicemanager
For the procedure to configure a connector, click here
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Pensando Policy Service Manager connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
Parameter | Description |
---|---|
Server Address | The address of the Pensando PSM server to which you will connect and perform the automated operations. |
Server Port | The port of the Pensando PSM server to which you will connect and perform the automated operations. |
Tenant | The tenant of the Pensando PSM server to which you will connect and perform the automated operations. |
Username | The username used to access the Pensando PSM server to which you will connect and perform the automated operations. |
Password | The password used to access the Pensando PSM server to which you will connect and perform the automated operations. |
Protocol | The protocol used to connect the Pensando PSM server to which you will connect and perform the automated operations. You can choose between HTTPS or HTTP. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Network Security Policies | Retrieves the list of network security policies from the Pensando PSM server. | get_network_security_policies Investigation |
Get Alerts | Retrieves the list of alerts from the Pensando PSM server. | get_alerts Investigation |
Get Workloads | Retrieves the list of workloads from the Pensando PSM server. | get_workloads Investigation |
Get Networks | Retrieves the list of networks from the Pensando PSM server. | get_networks Investigation |
Get Distributed Service Cards | Retrieves the list of distributed service cards from the Pensando PSM server. | get_distributedservicecards Investigation |
Enable IPFIX Export for Host | Enables IPFIX Flow Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP, the destination IP address of the IPFIX collector, and other input parameters you have specified. | enable_ipfix_export Investigation |
Delete existing IPFIX Export for Host | Deletes IPFIX Flow Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP and the destination IP address of the IPFIX collector you have specified. | delete_ipfix_export Investigation |
Enable Mirror Traffic Export for Host | Enables Mirror Traffic Export of traffic flows for a source IP on the Pensando PSM server based on the IP address of the host source IP, ERSPAN ID, and other input parameters you have specified. | enable_mirror_export Investigation |
Delete Existing Mirror Traffic Export for Host | Deletes ERSPAN Mirror Traffic Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP and the destination IP address of the ERSPAN collector you have specified. | delete_mirror_export Investigation |
Isolate Host | Quarantines on a specific host (disallows all North/South/East/West inbound and outbound traffic) on the Pensando PSM server based on the IP address of the host source IP you have specified. | isolate_host Containment |
Unisolate Host | Removes the quarantine on a specific host quarantine (Remove North/South/East/West inbound and outbound traffic block) on the Pensando PSM Server based on the IP address of the host source IP you have specified. | unisolate_host Remediation |
Add IOC IPs to Blocklist | Add one or more specified IOC IPs to a block list on the Pensando PSM Server based on the IOC IP addresses you have specified. | ioc_block_add_ip Containment |
Remove IOC IPs from Blocklist | Removes one or more specified IOC IPs from a block list on the Pensando PSM Server based on the IOC IP addresses you have specified. | ioc_block_remove_ip Remediation |
Remove IOC Blocklist | Removes the complete IOC block list from the Pensando PSM Server. | ioc_delete_list Remediation |
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose IPFIX flow exports you want to enable on the Pensando PSM server. |
Interval | Specify the time interval for pushing the records to an external collector. You must specify the value in the 'string' format, for example, '10s', '20m'. It should also be a valid time duration between 1s and 24h0m0s. For example, '60s'. |
Template Interval | Specify the time interval for sending IPFIX templates to an external collector. You must specify the value in the 'string' format, for example, '1m', '20m'. It should also be a valid time duration between 1m0s and 30m0s. For example, '15m'. |
IPFIX Collector Destination IP | Specify the IP address of the IPFIX collector. |
IPFIX Collector Destination Gateway IP | Specify the gateway IP address for the IPFIX Collector. |
IPFIX Collector Destination Protocol | Specify the protocol of the IPFIX Collector. |
IPFIX Collector Destination Port | Specify the destination port of the IPFIX Collector. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose IPFIX flow exports you want to delete from the Pensando PSM server. |
IPFIX Collector Destination IP | Specify the destination port of the IPFIX Collector. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose Mirror traffic exports you want to enable on the Pensando PSM server. |
ERSPAN ID | Specify the ERSPAN ID, the value of which must be between 1 and 1023. |
Packet Size | Specify the maximum size of a mirrored packet. The packet size is not checked by default, and its value must be between 64 and 2048. |
ERSPAN Type | Select the type of ERSPAN collector. You can choose between erspan_type_2 or erspan_type_3. |
ERSPAN Collector Destination IP | Specify the destination IP address of the ERSPAN Collector. |
ERSPAN Collector Destination Gateway IP | Specify the destination Gateway IP of the ERSPAN Collector. |
Strip VLAN | Select this option to remove VLAN from the mirrored packets. |
Match Destination IP Addresses | Specify the destination IPs to be matched for the mirrored packets. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"] ' |
Match Protocols and Ports | Specify the protocols and ports or port range to be matched for the mirrored packets. You can specify protocols and ports in a comma-separated list or a JSON array. For example, 'any, icmp, udp/500, tcp/80-88' or '["any", "icmp, udp/500", "tcp/80-88"] ' |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose Mirror traffic exports you want to delete from the Pensando PSM server. |
ERSPAN Collector Destination IP | Specify the destination IP address of the ERSPAN Collector. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host that you want to quarantine on the Pensando PSM server. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose quarantine you want to remove from the Pensando PSM server. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
IOC IP Address(es) | Specify the IP addresses that you want to add to the block list on the Pensando PSM server. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"] ' |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
IOC IP Address(es) | Specify the IP addresses that you want to remove from the block list on the Pensando PSM server. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"] ' |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
The Sample - Pensando Policy Service Manager - 1.0.1
playbook collection comes bundled with the Pensando Policy Service Manager connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Pensando Policy Service Manager connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Pensando's Policy and Services Manager (PSM) is a distributed system that leverages an intent-based model to deliver network and security policy to Pensando Distributed Services Cards for services implementation at the edge.
This document provides information about the Pensando Policy Service Manager Connector, which facilitates automated interactions, with a Pensando Policy Service Manager server using FortiSOAR™ playbooks. Add the Pensando Policy Service Manager connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of network security policies from the Pensando PSM server, enabling Mirror Traffic Export of traffic flows for a source IP on the Pensando PSM server, removing the complete IOC block list from the Pensando PSM Server, etc.
Connector Version: 1.0.1
Authored By: Community
Certified: No
Following enhancements have been made to the Pensando Policy Service Manager connector in version 1.0.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-pensando-policy-servicemanager
For the procedure to configure a connector, click here
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Pensando Policy Service Manager connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
Parameter | Description |
---|---|
Server Address | The address of the Pensando PSM server to which you will connect and perform the automated operations. |
Server Port | The port of the Pensando PSM server to which you will connect and perform the automated operations. |
Tenant | The tenant of the Pensando PSM server to which you will connect and perform the automated operations. |
Username | The username used to access the Pensando PSM server to which you will connect and perform the automated operations. |
Password | The password used to access the Pensando PSM server to which you will connect and perform the automated operations. |
Protocol | The protocol used to connect the Pensando PSM server to which you will connect and perform the automated operations. You can choose between HTTPS or HTTP. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Network Security Policies | Retrieves the list of network security policies from the Pensando PSM server. | get_network_security_policies Investigation |
Get Alerts | Retrieves the list of alerts from the Pensando PSM server. | get_alerts Investigation |
Get Workloads | Retrieves the list of workloads from the Pensando PSM server. | get_workloads Investigation |
Get Networks | Retrieves the list of networks from the Pensando PSM server. | get_networks Investigation |
Get Distributed Service Cards | Retrieves the list of distributed service cards from the Pensando PSM server. | get_distributedservicecards Investigation |
Enable IPFIX Export for Host | Enables IPFIX Flow Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP, the destination IP address of the IPFIX collector, and other input parameters you have specified. | enable_ipfix_export Investigation |
Delete existing IPFIX Export for Host | Deletes IPFIX Flow Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP and the destination IP address of the IPFIX collector you have specified. | delete_ipfix_export Investigation |
Enable Mirror Traffic Export for Host | Enables Mirror Traffic Export of traffic flows for a source IP on the Pensando PSM server based on the IP address of the host source IP, ERSPAN ID, and other input parameters you have specified. | enable_mirror_export Investigation |
Delete Existing Mirror Traffic Export for Host | Deletes ERSPAN Mirror Traffic Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP and the destination IP address of the ERSPAN collector you have specified. | delete_mirror_export Investigation |
Isolate Host | Quarantines on a specific host (disallows all North/South/East/West inbound and outbound traffic) on the Pensando PSM server based on the IP address of the host source IP you have specified. | isolate_host Containment |
Unisolate Host | Removes the quarantine on a specific host quarantine (Remove North/South/East/West inbound and outbound traffic block) on the Pensando PSM Server based on the IP address of the host source IP you have specified. | unisolate_host Remediation |
Add IOC IPs to Blocklist | Add one or more specified IOC IPs to a block list on the Pensando PSM Server based on the IOC IP addresses you have specified. | ioc_block_add_ip Containment |
Remove IOC IPs from Blocklist | Removes one or more specified IOC IPs from a block list on the Pensando PSM Server based on the IOC IP addresses you have specified. | ioc_block_remove_ip Remediation |
Remove IOC Blocklist | Removes the complete IOC block list from the Pensando PSM Server. | ioc_delete_list Remediation |
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose IPFIX flow exports you want to enable on the Pensando PSM server. |
Interval | Specify the time interval for pushing the records to an external collector. You must specify the value in the 'string' format, for example, '10s', '20m'. It should also be a valid time duration between 1s and 24h0m0s. For example, '60s'. |
Template Interval | Specify the time interval for sending IPFIX templates to an external collector. You must specify the value in the 'string' format, for example, '1m', '20m'. It should also be a valid time duration between 1m0s and 30m0s. For example, '15m'. |
IPFIX Collector Destination IP | Specify the IP address of the IPFIX collector. |
IPFIX Collector Destination Gateway IP | Specify the gateway IP address for the IPFIX Collector. |
IPFIX Collector Destination Protocol | Specify the protocol of the IPFIX Collector. |
IPFIX Collector Destination Port | Specify the destination port of the IPFIX Collector. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose IPFIX flow exports you want to delete from the Pensando PSM server. |
IPFIX Collector Destination IP | Specify the destination port of the IPFIX Collector. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose Mirror traffic exports you want to enable on the Pensando PSM server. |
ERSPAN ID | Specify the ERSPAN ID, the value of which must be between 1 and 1023. |
Packet Size | Specify the maximum size of a mirrored packet. The packet size is not checked by default, and its value must be between 64 and 2048. |
ERSPAN Type | Select the type of ERSPAN collector. You can choose between erspan_type_2 or erspan_type_3. |
ERSPAN Collector Destination IP | Specify the destination IP address of the ERSPAN Collector. |
ERSPAN Collector Destination Gateway IP | Specify the destination Gateway IP of the ERSPAN Collector. |
Strip VLAN | Select this option to remove VLAN from the mirrored packets. |
Match Destination IP Addresses | Specify the destination IPs to be matched for the mirrored packets. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"] ' |
Match Protocols and Ports | Specify the protocols and ports or port range to be matched for the mirrored packets. You can specify protocols and ports in a comma-separated list or a JSON array. For example, 'any, icmp, udp/500, tcp/80-88' or '["any", "icmp, udp/500", "tcp/80-88"] ' |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose Mirror traffic exports you want to delete from the Pensando PSM server. |
ERSPAN Collector Destination IP | Specify the destination IP address of the ERSPAN Collector. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host that you want to quarantine on the Pensando PSM server. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
Host Source IP | Specify the source IP of the host whose quarantine you want to remove from the Pensando PSM server. |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
IOC IP Address(es) | Specify the IP addresses that you want to add to the block list on the Pensando PSM server. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"] ' |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
Parameter | Description |
---|---|
IOC IP Address(es) | Specify the IP addresses that you want to remove from the block list on the Pensando PSM server. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"] ' |
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
None.
The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
The Sample - Pensando Policy Service Manager - 1.0.1
playbook collection comes bundled with the Pensando Policy Service Manager connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Pensando Policy Service Manager connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.