Phishing Classifier Connector v1.0.1

Overview

FortiSOAR™ provides a number of pre-installed connectors, or built-ins, such as the IMAP or Database connectors, which you can use within FortiSOAR™ playbooks as a connector step to perform automated operations. These connectors are bundled and named based on the type of operations they can perform. For example, the Database connector contains actions that you can perform with respect to the database, such as querying the database. It is easy to extend and enhance these connectors.

Apart from the FortiSOAR™ Built-in connectors, Fortinet also provides a number of connectors for popular integrations like SIEMs, such as FortiSIEM, Splunk, etc., and Ticketing systems such as Jira. You can see a list of published connectors on the FortiSOAR Connectors Documentation site.

The process of installing, configuring, and using connectors is defined in the Introduction to connectors chapter in the "Connectors Guide", which is part of the FortiSOAR™ documentation or see the Installing a connector and Configuring a connector articles.

FortiSOAR™ Built-in connectors are upgraded by default with a FortiSOAR™ upgrade. Use the Content Hub to upgrade your connectors to the latest version, in case you want to only upgrade the connectors and not FortiSOAR™. For more information on the connector store, see the Introduction to connectors chapter and see the FortiSOAR Built-in connectors article.

Important: Before you upgrade your FortiSOAR™ version, it is highly recommended that you back up the configuration of your FortiSOAR™ Built-in connectors (SSH, IMAP, Database, etc.), since that configuration might be reset if there are changes to the configuration parameters across versions.

Phishing Classifier

The Phishing Classifier connector leverages Machine Learning (ML) to classify records (emails) into 'Phishing' and 'Non Phishing'.

IMPORTANT: Version 1.0.1 or later of the Phishing Classifier connector is supported on FortiSOAR release 7.3.0 or later. Therefore, it is recommended not to install or upgrade the Phishing Classifier connector v1.0.1 on FortiSOAR releases earlier than 7.3.0, such as FortiSOAR release 7.2.2, 7.2.1, etc.

Version information

Connector Version: 1.0.1

Authored By: Fortinet.

Certified: Yes

NOTE: Version 1.0.1 or later of the Phishing Classifier connector is compatible with FortiSOAR release 7.3.0 or later.

Release Notes for version 1.0.1

The following enhancements have been made to the Phishing Classifier connector in version 1.0.1:

  • Enhanced the Phishing Classifier connector to support updating this connector seamlessly in the case of a containerized environment.
  • Updated the 'Documentation' link to point to the specific version of the Phishing Classifier connector.

Configuring the connector

You must be an 'Administrator' with 'Security' rights on FortiSOAR to configure the Phishing Classifier connector. If you have appropriate rights, navigate to the Recommendation Engine > Phishing Classification tab on the System Configuration page and configure the Phishing Classifier connector. For more information on the 'Phishing Classification' and how to configure the Phishing Classifier connector, see the "Phishing Classification" topic in the Application Editor chapter in the "Administration Guide", which is part of the FortiSOAR™ product documentation.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function and description:

  • Train: Trains the dataset using the parameters you have specified while configuring the connector. You can choose the following methods to train the connector:
      • FortiSOAR Module: The connector integrates with FortiSOAR modules, so you can choose to train the connector using data present in your FortiSOAR system.
      • Pre-trained Module: You can also choose to use a pre-trained module that is shipped along with the connector so that you can use the connector from day one.
  • Predict: Predicts the field value for specified fields in the records you have specified.
  • Get Training Results: Retrieves the results of the training.

operation: Train

Input parameters

None.

operation: Predict

Input parameters

Parameter and description:

  • Record: Specify the record IRI(s) for which you want to predict the specified field values.

operation: Get Training Results

Input parameters

None.

Troubleshooting

Post-upgrade, the Phishing Classifier connector displays older data

Version 1.0.1 or later of the Phishing Classifier connector is supported on FortiSOAR release 7.3.0 or later. Therefore, it is recommended not to install or upgrade the Phishing Classifier connector v1.0.1 on FortiSOAR releases earlier than 7.3.0, such as FortiSOAR release 7.2.2, 7.2.1, etc. However, if you have upgraded the Phishing Classifier connector to 1.0.1 or later on a FortiSOAR release prior to 7.3.0, for example, release 7.2.1, then the phishing classifier connector uses stale data. To resolve this issue, do the following:

Resolution

  1. Restart the uwsgi service using the following command:
    # systemctl restart uwsgi
    The Phishing Classifier connector configuration page displays an 'internal server error'.
  2. To solve the internal server error, delete the configuration of the phishing classifier connector from your FortiSOAR instance and reconfigure the phishing classifier connector by adding a new configuration.