Pensando Policy Service Manager v1.0.1

About the connector

Pensando's Policy and Services Manager (PSM) is a distributed system that leverages an intent-based model to deliver network and security policy to Pensando Distributed Services Cards for services implementation at the edge.

This document provides information about the Pensando Policy Service Manager Connector, which facilitates automated interactions with a Pensando Policy Service Manager server using FortiSOAR™ playbooks. Add the Pensando Policy Service Manager connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of network security policies from the Pensando PSM server, enabling Mirror Traffic Export of traffic flows for a source IP on the Pensando PSM server, removing the complete IOC block list from the Pensando PSM Server, etc.

Version information

Connector Version: 1.0.1

Authored By: Community

Certified: No

Release Notes for version 1.0.1

The following enhancement has been made to the Pensando Policy Service Manager connector in version 1.0.1:

  • Removed all the 'Debug' operations and playbooks from the connector as these actions are meant for development and not for production.

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-pensando-policy-servicemanager

Prerequisites to configuring the connector

  • You must have the address, port, and tenant of the Pensando Policy Service Manager server to which you will connect and perform automated operations, and the credentials (username-password pair) to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Pensando Policy Service Manager server.

Minimum Permissions Required

  • Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Pensando Policy Service Manager connector card. On the connector popup, click the Configurations tab to enter the required configuration details.

| Parameter | Description |
| --- | --- |
| Server Address | The address of the Pensando PSM server to which you will connect and perform the automated operations. |
| Server Port | The port of the Pensando PSM server to which you will connect and perform the automated operations. |
| Tenant | The tenant of the Pensando PSM server to which you will connect and perform the automated operations. |
| Username | The username used to access the Pensando PSM server to which you will connect and perform the automated operations. |
| Password | The password used to access the Pensando PSM server to which you will connect and perform the automated operations. |
| Protocol | The protocol used to connect to the Pensando PSM server to which you will connect and perform the automated operations. You can choose between HTTPS or HTTP. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

| Function | Description | Annotation | Category |
| --- | --- | --- | --- |
| Get Network Security Policies | Retrieves the list of network security policies from the Pensando PSM server. | get_network_security_policies | Investigation |
| Get Alerts | Retrieves the list of alerts from the Pensando PSM server. | get_alerts | Investigation |
| Get Workloads | Retrieves the list of workloads from the Pensando PSM server. | get_workloads | Investigation |
| Get Networks | Retrieves the list of networks from the Pensando PSM server. | get_networks | Investigation |
| Get Distributed Service Cards | Retrieves the list of distributed service cards from the Pensando PSM server. | get_distributedservicecards | Investigation |
| Enable IPFIX Export for Host | Enables IPFIX Flow Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP, the destination IP address of the IPFIX collector, and other input parameters you have specified. | enable_ipfix_export | Investigation |
| Delete existing IPFIX Export for Host | Deletes IPFIX Flow Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP and the destination IP address of the IPFIX collector you have specified. | delete_ipfix_export | Investigation |
| Enable Mirror Traffic Export for Host | Enables Mirror Traffic Export of traffic flows for a source IP on the Pensando PSM server based on the IP address of the host source IP, ERSPAN ID, and other input parameters you have specified. | enable_mirror_export | Investigation |
| Delete Existing Mirror Traffic Export for Host | Deletes ERSPAN Mirror Traffic Export of all flows for a source IP from the Pensando PSM server based on the IP address of the host source IP and the destination IP address of the ERSPAN collector you have specified. | delete_mirror_export | Investigation |
| Isolate Host | Quarantines a specific host (disallows all North/South/East/West inbound and outbound traffic) on the Pensando PSM server based on the IP address of the host source IP you have specified. | isolate_host | Containment |
| Unisolate Host | Removes the quarantine on a specific host (removes the North/South/East/West inbound and outbound traffic block) on the Pensando PSM Server based on the IP address of the host source IP you have specified. | unisolate_host | Remediation |
| Add IOC IPs to Blocklist | Adds one or more specified IOC IPs to a block list on the Pensando PSM Server based on the IOC IP addresses you have specified. | ioc_block_add_ip | Containment |
| Remove IOC IPs from Blocklist | Removes one or more specified IOC IPs from a block list on the Pensando PSM Server based on the IOC IP addresses you have specified. | ioc_block_remove_ip | Remediation |
| Remove IOC Blocklist | Removes the complete IOC block list from the Pensando PSM Server. | ioc_delete_list | Remediation |

operation: Get Network Security Policies

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Get Alerts

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Get Workloads

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Get Networks

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Get Distributed Service Cards

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Enable IPFIX Export for Host

Input parameters

| Parameter | Description |
| --- | --- |
| Host Source IP | Specify the source IP of the host whose IPFIX flow exports you want to enable on the Pensando PSM server. |
| Interval | Specify the time interval for pushing the records to an external collector. You must specify the value in the 'string' format, for example, '10s', '20m'. It should also be a valid time duration between 1s and 24h0m0s. For example, '60s'. |
| Template Interval | Specify the time interval for sending IPFIX templates to an external collector. You must specify the value in the 'string' format, for example, '1m', '20m'. It should also be a valid time duration between 1m0s and 30m0s. For example, '15m'. |
| IPFIX Collector Destination IP | Specify the IP address of the IPFIX collector. |
| IPFIX Collector Destination Gateway IP | Specify the gateway IP address for the IPFIX Collector. |
| IPFIX Collector Destination Protocol | Specify the protocol of the IPFIX Collector. |
| IPFIX Collector Destination Port | Specify the destination port of the IPFIX Collector. |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
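
The Interval and Template Interval bounds above can be checked in a playbook step before the operation is called. The following Python sketch is an added example, not code from the connector; it assumes only the whole-number h/m/s duration forms shown in the parameter table, and the function names are hypothetical.

```python
import re

# Assumption: only the whole-number h/m/s forms shown in the parameter table
# ('10s', '20m', '24h0m0s') are accepted; other duration syntaxes are rejected.
_DURATION = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?")

# Bounds from the parameter table, converted to seconds.
BOUNDS = {
    "Interval": (1, 24 * 3600),          # 1s .. 24h0m0s
    "Template Interval": (60, 30 * 60),  # 1m0s .. 30m0s
}


def parse_duration(text):
    """Return the duration in seconds, or raise ValueError if malformed."""
    match = _DURATION.fullmatch(str(text).strip())
    if not match or not any(match.groups()):
        raise ValueError(f"not a duration like '60s' or '1h30m': {text!r}")
    hours, minutes, seconds = (int(g) if g else 0 for g in match.groups())
    return hours * 3600 + minutes * 60 + seconds


def check_ipfix_intervals(interval, template_interval):
    """Return a list of problems; an empty list means both values are usable."""
    problems = []
    supplied = {"Interval": interval, "Template Interval": template_interval}
    for name, value in supplied.items():
        low, high = BOUNDS[name]
        try:
            secs = parse_duration(value)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not low <= secs <= high:
            problems.append(f"{name}: {value!r} is {secs}s, outside {low}s..{high}s")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pair in [("60s", "15m"), ("0s", "45m"), ("10 sec", "1m")]:
        print(pair, "->", check_ipfix_intervals(*pair) or "ok")
```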

operation: Delete existing IPFIX Export for Host

Input parameters

| Parameter | Description |
| --- | --- |
| Host Source IP | Specify the source IP of the host whose IPFIX flow exports you want to delete from the Pensando PSM server. |
| IPFIX Collector Destination IP | Specify the destination IP address of the IPFIX Collector. |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Enable Mirror Traffic Export for Host

Input parameters

| Parameter | Description |
| --- | --- |
| Host Source IP | Specify the source IP of the host whose Mirror traffic exports you want to enable on the Pensando PSM server. |
| ERSPAN ID | Specify the ERSPAN ID, the value of which must be between 1 and 1023. |
| Packet Size | Specify the maximum size of a mirrored packet. By default, the packet size is not checked; if specified, its value must be between 64 and 2048. |
| ERSPAN Type | Select the type of ERSPAN collector. You can choose between erspan_type_2 or erspan_type_3. |
| ERSPAN Collector Destination IP | Specify the destination IP address of the ERSPAN Collector. |
| ERSPAN Collector Destination Gateway IP | Specify the destination Gateway IP of the ERSPAN Collector. |
| Strip VLAN | Select this option to remove VLAN from the mirrored packets. |
| Match Destination IP Addresses | Specify the destination IPs to be matched for the mirrored packets. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"]' |
| Match Protocols and Ports | Specify the protocols and ports or port range to be matched for the mirrored packets. You can specify protocols and ports in a comma-separated list or a JSON array. For example, 'any, icmp, udp/500, tcp/80-88' or '["any", "icmp", "udp/500", "tcp/80-88"]' |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Delete Existing Mirror Traffic Export for Host

Input parameters

| Parameter | Description |
| --- | --- |
| Host Source IP | Specify the source IP of the host whose Mirror traffic exports you want to delete from the Pensando PSM server. |
| ERSPAN Collector Destination IP | Specify the destination IP address of the ERSPAN Collector. |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Isolate Host

Input parameters

| Parameter | Description |
| --- | --- |
| Host Source IP | Specify the source IP of the host that you want to quarantine on the Pensando PSM server. |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Unisolate Host

Input parameters

| Parameter | Description |
| --- | --- |
| Host Source IP | Specify the source IP of the host whose quarantine you want to remove from the Pensando PSM server. |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Add IOC IPs to Blocklist

Input parameters

| Parameter | Description |
| --- | --- |
| IOC IP Address(es) | Specify the IP addresses that you want to add to the block list on the Pensando PSM server. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"]' |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

operation: Remove IOC IPs from Blocklist

Input parameters

| Parameter | Description |
| --- | --- |
| IOC IP Address(es) | Specify the IP addresses that you want to remove from the block list on the Pensando PSM server. You can specify IP addresses in a comma-separated list or a JSON array. For example, '10.1.1.1, 192.168.1.1' or '["10.1.1.1", "192.168.1.1"]' |

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}
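
The IOC IP Address(es), Match Destination IP Addresses, and Match Protocols and Ports parameters all accept either a comma-separated list or a JSON array. The Python sketch below is an added example, not the connector's own code, showing one way a playbook step could normalize and validate such input before calling the block list or mirror operations. The function names, the never_block guard, the 1-65535 port range, and the restriction to the protocols shown on this page (any, icmp, tcp, udp) are assumptions.

```python
import ipaddress
import json


def split_items(value):
    """Accept a list, a JSON array string, or a comma-separated string."""
    if isinstance(value, (list, tuple)):
        items = list(value)
    else:
        text = str(value).strip()
        # json.loads raises ValueError (JSONDecodeError) on a malformed array.
        items = json.loads(text) if text.startswith("[") else text.split(",")
    return [s for s in (str(i).strip() for i in items) if s]


def parse_ip_list(value, never_block=()):
    """Return de-duplicated IP strings; raise ValueError on any bad entry.

    never_block is a hypothetical guard: networks (for example the PSM and
    FortiSOAR servers themselves) that automation must not add to a block list.
    """
    protected = [ipaddress.ip_network(n) for n in never_block]
    seen, result = set(), []
    for item in split_items(value):
        addr = ipaddress.ip_address(item)  # rejects CIDR ranges and hostnames
        if any(addr in net for net in protected):
            raise ValueError(f"{addr} is inside a protected network")
        if addr not in seen:
            seen.add(addr)
            result.append(str(addr))
    if not result:
        raise ValueError("no IP addresses supplied")
    return result


def parse_proto_ports(value):
    """Return (protocol, low_port, high_port) tuples; ports are None for any/icmp."""
    rules = []
    for item in split_items(value):
        proto, _, ports = item.lower().partition("/")
        if proto in ("any", "icmp") and not ports:
            rules.append((proto, None, None))
            continue
        parts = ports.split("-")
        if proto not in ("tcp", "udp") or len(parts) > 2 \
                or not all(p.isdigit() for p in parts):
            raise ValueError(f"unsupported protocol/port entry: {item!r}")
        low, high = int(parts[0]), int(parts[-1])
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port range in {item!r}")
        rules.append((proto, low, high))
    return rules


if __name__ == "__main__":
    # Constructed sample inputs in both accepted formats.
    print(parse_ip_list('["10.1.1.1", "192.168.1.1", "10.1.1.1"]'))
    print(parse_proto_ports("any, icmp, udp/500, tcp/80-88"))
```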

operation: Remove IOC Blocklist

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"result": "",
"api_data": ""
}

Included playbooks

The Sample - Pensando Policy Service Manager - 1.0.1 playbook collection comes bundled with the Pensando Policy Service Manager connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Pensando Policy Service Manager connector.

  • Add IOC IPs to Blocklist
  • Delete Existing Mirror Traffic Export for Host
  • Delete existing IPFIX Export for Host
  • Enable IPFIX Export for Host
  • Enable Mirror Traffic Export for Host
  • Get Alerts
  • Get Distributed Service Cards
  • Get Network Security Policies
  • Get Networks
  • Get Workloads
  • Isolate Host
  • Remove IOC Blocklist
  • Remove IOC IPs from Blocklist
  • Unisolate Host

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
