FortiRecon is a Digital Risk Protection Service (DRPS) product that provides an outside-the-network view of the risks posed to your enterprise.
This document provides information about the Fortinet FortiRecon EASM Connector, which facilitates automated interactions, with a Fortinet FortiRecon EASM server using FortiSOAR™ playbooks. Add the Fortinet FortiRecon EASM Connector as a step in FortiSOAR™ playbooks and perform automated operations with Fortinet FortiRecon EASM.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.5.0-4015
Fortinet FortiRecon EASM Version Tested on: Version: v23.3.a
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Fortinet FortiRecon EASM Connector in version 1.1.0:
Get Report Link parameter in Get Report action.Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-fortinet-fortirecon-easm
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Fortinet FortiRecon EASM connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Server name or IP address to which you will connect and perform the automated operations. |
| API Key | API key to access the endpoint server to which you connect and perform the automated operations. |
| Organization ID | The organization ID on which FortiRecon operations are to be performed. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Leaked Credentials | Retrieves a list of leaked credentials related to the organization ID based on the keyword to search, breach ID, and date-time range you have specified. | get_leaked_credentials Investigation |
| Get Scan Statistics | Retrieves statistics related to the EASM scan related to the organization ID specified in the configuration parameters. The response includes a count of the total, online, and newly discovered assets for the current and previous scans. | get_scan_statistics Investigation |
| Get Issues Discovered | Retrieves a list of security issues related to assets discovered in the most recent EASM scan based on the filter criteria like issue status, severity, and the country codes (US, IN) you have specified. |
get_issues_discovered Investigation |
| Get Issue By ID | Retrieves details about a specific security issue based on the unique issue ID you have specified. | get_issue_by_id Investigation |
| Get Issue Summary | Retrieves the statistics related to security issues discovered in the most recent EASM scan. The response includes a count of the total discovered issues, along with the severity-wise count. | get_issue_summary Investigation |
| Get Archived Issues | Retrieves a list of security issues that have been marked as either Risk Accepted or False Positive based on the asset you have specified. | get_archived_issues Investigation |
| Get Archived Assets | Retrieves a list of assets that have been marked as either Risk Accepted or False Positive. | get_archived_assets Investigation |
| Get Asset ASNs | Retrieves a list of Autonomous System Numbers (ASNs) discovered in the latest EASM scan based on the asset you have specified. | get_asset_asns Investigation |
| Get ASNs by Asset ID | Retrieves details about a specific Autonomous System Number(ASN) based on the asset ID you have specified. | get_asns_by_asset_id Investigation |
| Get Domains | Retrieves a list of domains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_domains Investigation |
| Get Domain by Asset ID | Retrieves domain details based on the asset ID you have specified. | get_domain_by_asset_id Investigation |
| Get IPs | Retrieves a list of IP addresses discovered in the latest EASM scan based on the filter criteria like ports, country codes, and assets you have specified. | get_ips Investigation |
| Get IP by Asset ID | Retrieves IP address details based on the asset ID you have specified. | get_ips_by_asset_id Investigation |
| Get Prefixes | Retrieves a list of IP prefixes discovered in the latest EASM scan based on the filter criteria like ASN and assets you have specified. | get_prefixes Investigation |
| Get Prefixes by Asset ID | Retrieves details about a specific IP prefix based on the asset ID you have specified. | get_prefixes_by_asset_id Investigation |
| Get Subdomains | Retrieves a list of subdomains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_subdomains Investigation |
| Get Subdomain by Asset ID | Retrieves subdomain details based on the asset ID you have specified. | get_subdomain_by_asset_id Investigation |
| Get Asset Statistics | Retrieves the statistics related to assets discovered in the most recent EASM scan. The response includes a count of the total discovered and online assets. | get_asset_statistics Investigation |
| Get Breaches | Retrieves a list of credential breaches related to the organization ID based on the keyword to search and other details you have specified. | get_breaches Investigation |
| Get Breaches by ID | Retrieves details about a specific credential breach based on the breach ID you have specified. | get_breaches_by_id Investigation |
| Generate Report | Initiates the report generation for the latest EASM scan. | generate_report Investigation |
| Get Report | Checks the status of the generated EASM report based on the report ID you have specified. The response contains the s3 URL of the report to download if generated. | get_report Investigation |
| Get Exposed Services | Retrieves a list of exposed services in the latest EASM scan based on the filter criteria like asset, ports, services, and products, etc. | get_exposed_services Investigation |
| Get Cloud Integrations | Retrieves a list of cloud integrations based on the filter criteria like provider, connection_status. | get_cloud_integrations Investigation |
| Get FortiGate Integrations | Retrieves a list of FortiGate integrations based on input parameters specified. | get_fgt_integrations Investigation |
| Get Security Insights | Retrieves the security insights on dns configurations for the given domain. | get_security_insights Investigation |
| Get Archived Issue Comments | Retrieves a list of comments for given archived issue ID. | get_archived_issue_comments Investigation |
| Get Issue Comments | Retrieves a list of comments for given issue ID. | get_issue_comments Investigation |
| Get Tags | Retrieves a list of tags based on scope, name and other parameters specified. | get_tags Investigation |
| Get Tag Details | Retrieves a specific tag details based on tag ID specified. | get_tag_by_id Investigation |
| Get Groups | Retrieves a list of groups based on scope, name and other parameters specified. | get_groups Investigation |
| Get Group Details | Retrieves a specific group details based on group ID specified. | get_group_by_id Investigation |
| Parameter | Description |
|---|---|
| Keyword | (Optional) Specify the text to search in email address and breach name. Specified keywords are searched in these fields: email, breach name, and domain. For example, if you specify user@example.com, the response filters out results and fetches credentials exposed for user@example.com. |
| Breach ID | (Optional) Specify the breach ID to filter the leaked credentials received. |
| Email ID | (Optional) Specify the email ID to filter the leaked credentials retrieved. |
| Domain | (Optional) Specify the domain to filter the leaked credentials retrieved. |
| Status | (Optional) Specify the status to filter the leaked credentials retrieved. |
| Has Password | (Optional) Specify whether to filter the leaked credential list based on whether the credentials contain passwords. |
| Start Date | (Optional) Specify the start date to filter the credential leak discovery date. Default is last 6 months. |
| End Date | (Optional) Specify the end date to filter the credential leak discovery date. The default is the current day's date. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"email": "",
"domain": "",
"status": "",
"added_on": "",
"breach_id": "",
"breach_date": "",
"breach_name": "",
"has_password": ""
}
]
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
The output contains the following populated JSON schema:
{
"current_scan": {
"assets": {
"disappeared": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"live": "",
"newly_discovered": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"total": ""
},
"completed_ts": ""
},
"previous_scan": {
"assets": {
"live": "",
"total": ""
},
"completed_ts": ""
}
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the results. You can choose from the following options:
|
| Severity | (Optional) Select the severity to filter the results. You can choose from the following options:
|
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have any of the specified countries. For example: IN,US |
| Bucket ID | (Optional) Specify the bucket IDs to filter the results. You can choose from the following options:
|
| Issue Name Identifier | (Optional) Specify the issue name identifiers to filter the results, as comma-separated values. For example: ip_blacklist,cve_2019_1234 |
| Asset Type | (Optional) Select the asset type to filter the discovered issues. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the results. For example: test.example.com |
| Search Type | (Optional) Specify the search type to filter the retrieved issues.
NOTE: Use Asset parameter, along with this parameter, to search. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"asset": "",
"asset_type": "",
"country": "",
"severity": "",
"port": "",
"bucket": "",
"status": "",
"user_name": "",
"issue_name_identifier": "",
"bucket_id": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the issue ID to get details about that specific security issue. |
The output contains the following populated JSON schema:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"asset": "",
"asset_type": "",
"country": "",
"severity": "",
"port": "",
"bucket": "",
"status": "",
"user_name": "",
"issue_name_identifier": "",
"bucket_id": ""
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
The output contains the following populated JSON schema:
{
"total": "",
"critical": "",
"high": "",
"low": "",
"medium": ""
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the retrieved archived issues. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the retrieved archived issues. You can choose from following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived issues. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"port": "",
"status": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_name": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| User Action | (Optional) Select the user action based on which to filter the fetched archived assets. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the archived assets. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived assets. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_action": "",
"user_name": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Search Type | (Optional) Specify the search type to filter the results.
NOTE: Use Asset parameter to search along with this parameter. |
| Asset | (Optional) Specify the asset to filter the results. For example: AS0000. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch assets discovered via FortiGate integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
]
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the ASN details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter retrieved domains. Specify the ports as comma-separated values to get only those results that have all of the specified ports. For example 8080,443 |
| Technologies | (Optional) Specify the ports to filter retrieved domains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap |
| Asset | (Optional) Specify the asset to filter retrieved domains. |
| Search Type | (Optional) Specify the search type to filter retrieved domains.
NOTE: Use Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch domains discovered via FortiGate integrations. You can choose from following options:
|
| Is Live | (Optional) Select whether to fetch domains that are live. You can choose from following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch domains discovered via Cloud integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"asset": "",
"assets_linked_count": "",
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"confidence": "",
"domain_expiry": "",
"fgt_metadata": {
"virtual_ip": [
{
"name": "",
"protocol": "",
"mapped_ip": "",
"mapped_ports": "",
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": ""
}
],
"interface_id": "",
"integration_id": "",
"interface_name": "",
"integration_type": "",
"customer_integration_name": ""
},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_address": "",
"nameserver": [],
"original_ip": [],
"ports": [],
"ssl_cert_org": "",
"tags": [
{
"id": "",
"name": ""
}
],
"technologies": []
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve its associated domain details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved IP addresses. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Asset | (Optional) Specify the asset to filter the retrieved IP addresses. |
| Search Type | (Optional) Select the search type to filter the retrieved IPs. You can choose from the following options:
NOTE: Use Asset parameter to search along with this parameter. |
| IP Prefix | (Optional) Specify an IP address prefix to filter the retrieved IP addresses. |
| Version | (Optional) Select the IP version by which to retrieve records. You can choose from following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from following options:
|
| Is Live | (Optional) Select whether to fetch IP addresses that are live. You can choose from following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch IP addresses discovered via Cloud integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP address details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved IP address prefix. For example: 185.161.83.0/24. |
| Search Type | (Optional) Specify the search type to filter the retrieved prefixes.
NOTE: Use Asset parameter to search along with this parameter. |
| ASN | (Optional) Specify the ASN to filter the retrieved IP address prefixes.For example: AS207180 |
| Version | (Optional) Select the IP version by which to filter retrieved records. You can choose from the following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asn_number": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_count": "",
"live_ip_count": "",
"tags": [
{
"id": "",
"name": ""
}
],
"version": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP prefix details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asn_number": "",
"asset": "",
"company_name": "",
"ip_count": "",
"assets_linked_count": "",
"version": "",
"live_ip_count": "",
"fgt_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"groups": [
{
"id": "",
"name": ""
}
],
"version": "",
"ip_count": "",
"asn_number": "",
"company_name": "",
"fgt_metadata": {},
"assets_linked": [],
"live_ip_count": "",
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"assets_linked_count": ""
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved subdomains. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Technologies | (Optional) Specify the technology discovered on subdomain to filter the retrieved subdomains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Domain | (Optional) Specify a domain to filter the retrieved subdomains. |
| Asset | (Optional) Specify the asset to filter the retrieved subdomains. |
| Search Type | (Optional) Specify the search type to filter the retrieved subdomains.
NOTE: Use Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch subdomains discovered via FortiGate integrations. You can choose from following options:
|
| Is Live | (Optional) Select whether to fetch subdomains that are live. You can choose from following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch subdomains discovered via Cloud integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"fgt_metadata": {},
"technologies": [],
"cloud_metadata": {}
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the subdomain details. |
The output contains the following populated JSON schema:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"issue_count": "",
"fgt_metadata": {},
"technologies": [],
"cloud_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
]
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the assets statistics. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Technologies | (Optional) Specify the technologies to filter the assets statistics. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
The output contains the following populated JSON schema:
{
"org_name": "",
"asn_count": "",
"ip_prefix_count": "",
"live_domain_count": "",
"total_domain_count": "",
"billable_assets_count": "",
"live_ip_address_count": "",
"live_sub_domain_count": "",
"total_ip_address_count": "",
"total_sub_domain_count": ""
}
| Parameter | Description |
|---|---|
| Breach Name | (Optional) Specify the breach name to retrieve specific breach details. For example: test-org. The response filters out results and fetches credentials exposed for test-org. |
| Keyword | (Optional) Specify the text to search in breach name, details, and list of compromised data. For example:test-org. The response filters out results and fetches credentials exposed for test-org. |
| Has Password | (Optional) Select to filter the leaked credential list based on whether the credentials contain passwords. |
| Is Relevant | (Optional) Select to filter the leaked credential list related to organization. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"affected_domains": "",
"compromised_data": "",
"compromised_accounts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Breach ID | Specify the breach ID to retrieve the breach details. |
The output contains the following populated JSON schema:
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"affected_domains": "",
"compromised_data": "",
"compromised_accounts": ""
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
The output contains the following populated JSON schema:
{
"report_id": ""
}
| Parameter | Description |
|---|---|
| Report ID | Specify the report ID to retrieve the report details. |
| Get Report Link | (Optional) Select the checkbox to get an S3 link of report file. Clear the checkbox to retrieve file data. By default, this checkbox is cleared, i.e., set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Get Report Link as true:
{
"report_url": ""
}
Output schema when you choose Get Report Link as false:
{
"asn": [],
"domain": [
{
"tags": "",
"asset": "",
"groups": "",
"ip_address": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"discovery_path": "",
"subdomain_count": ""
}
],
"issues": [
{
"port": "",
"tags": "",
"asset": "",
"groups": "",
"severity": "",
"issue_name": "",
"issue_status": "",
"linked_assets": "",
"issue_category": "",
"recommendations": "",
"additional_details": ""
}
],
"ip_block": [],
"ip_address": [
{
"tags": "",
"asset": "",
"groups": "",
"country": "",
"open_ports": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"sub_domain": [
{
"tags": "",
"asset": "",
"groups": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"organization": [],
"disappeared_assets": [
{
"asset": "",
"asset_type": ""
}
],
"newly_discovered_assets": [
{
"asset": "",
"asset_type": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved exposed services.
NOTE: The only supported asset types are the ip address, domain, sub-domain. |
| Ports | (Optional) Specify the ports to filter the retrieved exposed services. Specify the ports as comma-separated values to get only results with ALL the specified ports. For example: 8080,443. |
| Services | (Optional) Specify the services to filter the retrieved exposed services. Specify the services as comma-separated values to get only those results that have ANY of the specified services. For example: http,https. |
| Products | (Optional) Specify the products to filter the retrieved exposed services. Specify a comma-separated string or a single string. For example: nginx, Jetty. |
| Services Banner | (Optional) Specify the keywords in the service banner to filter the retrieved exposed services.
NOTE: Do not use |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Has SSL | (Optional) Select whether to fetch assets which have SSL. You can choose from following options:
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"cpe": [],
"domains": [],
"ip_address": "",
"os": "",
"port": "",
"product": "",
"service": "",
"service_banner": "",
"ssl": {},
"subdomains": [],
"version": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Provider | (Optional) Specify the provider to filter the retrieved cloud integrations. |
| Connection Status | (Optional) Select the connection status to filter the retrieved cloud integrations. You can choose from the following options:
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"name": "",
"provider": "",
"account_id": "",
"policy_errors": [],
"connection_status": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Connection Status | (Optional) Select the connection status to filter the retrieved FortiGate integrations. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"host": "",
"name": "",
"port": "",
"is_ssl": "",
"verify_ssl": "",
"policy_errors": [],
"connection_status": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Domain | Specify the domain for which you security insights are to be retrieved. |
The output contains the following populated JSON schema:
{
"authoritative": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"parent": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"soa": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
]
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select comment type which is to be retrieved for specified issue. You can choose from User or System |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select comment type which is to be retrieved for specified issue. You can choose from User or System |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Select the scope for which you want to retrieve the tags. You can choose from following options:
|
| Name | (Optional) Specify the name of tag to retrieve. Names are matched partially. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Tag ID | Specify the ID of the tag which is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets": [],
"linked_assets_count": ""
}
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Specify the scope for which you want to retrieve the groups. You can choose from System, Client |
| Group Name | (Optional) Specify the name of group which you want to retrieve. Name are matched partially. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the group which is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as true:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets": [],
"linked_assets_count": ""
}
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
The Sample - Fortinet FortiRecon EASM - 1.1.0 playbook collection comes bundled with the Fortinet FortiRecon EASM connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiRecon EASM connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
FortiRecon is a Digital Risk Protection Service (DRPS) product that provides an outside-the-network view of the risks posed to your enterprise.
This document provides information about the Fortinet FortiRecon EASM Connector, which facilitates automated interactions, with a Fortinet FortiRecon EASM server using FortiSOAR™ playbooks. Add the Fortinet FortiRecon EASM Connector as a step in FortiSOAR™ playbooks and perform automated operations with Fortinet FortiRecon EASM.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.5.0-4015
Fortinet FortiRecon EASM Version Tested on: Version: v23.3.a
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Fortinet FortiRecon EASM Connector in version 1.1.0:
Get Report Link parameter in Get Report action.Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-fortinet-fortirecon-easm
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Fortinet FortiRecon EASM connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Server name or IP address to which you will connect and perform the automated operations. |
| API Key | API key to access the endpoint server to which you connect and perform the automated operations. |
| Organization ID | The organization ID on which FortiRecon operations are to be performed. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Leaked Credentials | Retrieves a list of leaked credentials related to the organization ID based on the keyword to search, breach ID, and date-time range you have specified. | get_leaked_credentials Investigation |
| Get Scan Statistics | Retrieves statistics related to the EASM scan related to the organization ID specified in the configuration parameters. The response includes a count of the total, online, and newly discovered assets for the current and previous scans. | get_scan_statistics Investigation |
| Get Issues Discovered | Retrieves a list of security issues related to assets discovered in the most recent EASM scan based on the filter criteria like issue status, severity, and the country codes (US, IN) you have specified. |
get_issues_discovered Investigation |
| Get Issue By ID | Retrieves details about a specific security issue based on the unique issue ID you have specified. | get_issue_by_id Investigation |
| Get Issue Summary | Retrieves the statistics related to security issues discovered in the most recent EASM scan. The response includes a count of the total discovered issues, along with the severity-wise count. | get_issue_summary Investigation |
| Get Archived Issues | Retrieves a list of security issues that have been marked as either Risk Accepted or False Positive based on the asset you have specified. | get_archived_issues Investigation |
| Get Archived Assets | Retrieves a list of assets that have been marked as either Risk Accepted or False Positive. | get_archived_assets Investigation |
| Get Asset ASNs | Retrieves a list of Autonomous System Numbers (ASNs) discovered in the latest EASM scan based on the asset you have specified. | get_asset_asns Investigation |
| Get ASNs by Asset ID | Retrieves details about a specific Autonomous System Number(ASN) based on the asset ID you have specified. | get_asns_by_asset_id Investigation |
| Get Domains | Retrieves a list of domains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_domains Investigation |
| Get Domain by Asset ID | Retrieves domain details based on the asset ID you have specified. | get_domain_by_asset_id Investigation |
| Get IPs | Retrieves a list of IP addresses discovered in the latest EASM scan based on the filter criteria like ports, country codes, and assets you have specified. | get_ips Investigation |
| Get IP by Asset ID | Retrieves IP address details based on the asset ID you have specified. | get_ips_by_asset_id Investigation |
| Get Prefixes | Retrieves a list of IP prefixes discovered in the latest EASM scan based on the filter criteria like ASN and assets you have specified. | get_prefixes Investigation |
| Get Prefixes by Asset ID | Retrieves details about a specific IP prefix based on the asset ID you have specified. | get_prefixes_by_asset_id Investigation |
| Get Subdomains | Retrieves a list of subdomains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_subdomains Investigation |
| Get Subdomain by Asset ID | Retrieves subdomain details based on the asset ID you have specified. | get_subdomain_by_asset_id Investigation |
| Get Asset Statistics | Retrieves the statistics related to assets discovered in the most recent EASM scan. The response includes a count of the total discovered and online assets. | get_asset_statistics Investigation |
| Get Breaches | Retrieves a list of credential breaches related to the organization ID based on the keyword to search and other details you have specified. | get_breaches Investigation |
| Get Breaches by ID | Retrieves details about a specific credential breach based on the breach ID you have specified. | get_breaches_by_id Investigation |
| Generate Report | Initiates the report generation for the latest EASM scan. | generate_report Investigation |
| Get Report | Checks the status of the generated EASM report based on the report ID you have specified. The response contains the s3 URL of the report to download if generated. | get_report Investigation |
| Get Exposed Services | Retrieves a list of exposed services in the latest EASM scan based on the filter criteria like asset, ports, services, and products, etc. | get_exposed_services Investigation |
| Get Cloud Integrations | Retrieves a list of cloud integrations based on the filter criteria like provider, connection_status. | get_cloud_integrations Investigation |
| Get FortiGate Integrations | Retrieves a list of FortiGate integrations based on input parameters specified. | get_fgt_integrations Investigation |
| Get Security Insights | Retrieves the security insights on dns configurations for the given domain. | get_security_insights Investigation |
| Get Archived Issue Comments | Retrieves a list of comments for given archived issue ID. | get_archived_issue_comments Investigation |
| Get Issue Comments | Retrieves a list of comments for given issue ID. | get_issue_comments Investigation |
| Get Tags | Retrieves a list of tags based on scope, name and other parameters specified. | get_tags Investigation |
| Get Tag Details | Retrieves a specific tag details based on tag ID specified. | get_tag_by_id Investigation |
| Get Groups | Retrieves a list of groups based on scope, name and other parameters specified. | get_groups Investigation |
| Get Group Details | Retrieves a specific group details based on group ID specified. | get_group_by_id Investigation |
| Parameter | Description |
|---|---|
| Keyword | (Optional) Specify the text to search in email address and breach name. Specified keywords are searched in these fields: email, breach name, and domain. For example, if you specify user@example.com, the response filters out results and fetches credentials exposed for user@example.com. |
| Breach ID | (Optional) Specify the breach ID to filter the leaked credentials received. |
| Email ID | (Optional) Specify the email ID to filter the leaked credentials retrieved. |
| Domain | (Optional) Specify the domain to filter the leaked credentials retrieved. |
| Status | (Optional) Specify the status to filter the leaked credentials retrieved. |
| Has Password | (Optional) Specify whether to filter the leaked credential list based on whether the credentials contain passwords. |
| Start Date | (Optional) Specify the start date to filter the credential leak discovery date. Default is last 6 months. |
| End Date | (Optional) Specify the end date to filter the credential leak discovery date. The default is the current day's date. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"email": "",
"domain": "",
"status": "",
"added_on": "",
"breach_id": "",
"breach_date": "",
"breach_name": "",
"has_password": ""
}
]
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
The output contains the following populated JSON schema:
{
"current_scan": {
"assets": {
"disappeared": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"live": "",
"newly_discovered": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"total": ""
},
"completed_ts": ""
},
"previous_scan": {
"assets": {
"live": "",
"total": ""
},
"completed_ts": ""
}
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the results. You can choose from the following options:
|
| Severity | (Optional) Select the severity to filter the results. You can choose from the following options:
|
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have any of the specified countries. For example: IN,US |
| Bucket ID | (Optional) Specify the bucket IDs to filter the results. You can choose from the following options:
|
| Issue Name Identifier | (Optional) Specify the issue name identifiers to filter the results, as comma-separated values. For example: ip_blacklist,cve_2019_1234 |
| Asset Type | (Optional) Select the asset type to filter the discovered issues. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the results. For example: test.example.com |
| Search Type | (Optional) Specify the search type to filter the retrieved issues.
NOTE: Use Asset parameter, along with this parameter, to search. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"asset": "",
"asset_type": "",
"country": "",
"severity": "",
"port": "",
"bucket": "",
"status": "",
"user_name": "",
"issue_name_identifier": "",
"bucket_id": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the issue ID to get details about that specific security issue. |
The output contains the following populated JSON schema:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"asset": "",
"asset_type": "",
"country": "",
"severity": "",
"port": "",
"bucket": "",
"status": "",
"user_name": "",
"issue_name_identifier": "",
"bucket_id": ""
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
The output contains the following populated JSON schema:
{
"total": "",
"critical": "",
"high": "",
"low": "",
"medium": ""
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the retrieved archived issues. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the retrieved archived issues. You can choose from following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived issues. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"port": "",
"status": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_name": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| User Action | (Optional) Select the user action based on which to filter the fetched archived assets. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the archived assets. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived assets. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_action": "",
"user_name": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Search Type | (Optional) Specify the search type to filter the results.
NOTE: Use Asset parameter to search along with this parameter. |
| Asset | (Optional) Specify the asset to filter the results. For example: AS0000. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch assets discovered via FortiGate integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
]
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the ASN details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter retrieved domains. Specify the ports as comma-separated values to get only those results that have all of the specified ports. For example 8080,443 |
| Technologies | (Optional) Specify the ports to filter retrieved domains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap |
| Asset | (Optional) Specify the asset to filter retrieved domains. |
| Search Type | (Optional) Specify the search type to filter retrieved domains.
NOTE: Use Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch domains discovered via FortiGate integrations. You can choose from following options:
|
| Is Live | (Optional) Select whether to fetch domains that are live. You can choose from following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch domains discovered via Cloud integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"asset": "",
"assets_linked_count": "",
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"confidence": "",
"domain_expiry": "",
"fgt_metadata": {
"virtual_ip": [
{
"name": "",
"protocol": "",
"mapped_ip": "",
"mapped_ports": "",
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": ""
}
],
"interface_id": "",
"integration_id": "",
"interface_name": "",
"integration_type": "",
"customer_integration_name": ""
},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_address": "",
"nameserver": [],
"original_ip": [],
"ports": [],
"ssl_cert_org": "",
"tags": [
{
"id": "",
"name": ""
}
],
"technologies": []
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve its associated domain details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved IP addresses. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Asset | (Optional) Specify the asset to filter the retrieved IP addresses. |
| Search Type | (Optional) Select the search type to filter the retrieved IPs. You can choose from the following options:
NOTE: Use Asset parameter to search along with this parameter. |
| IP Prefix | (Optional) Specify an IP address prefix to filter the retrieved IP addresses. |
| Version | (Optional) Select the IP version by which to retrieve records. You can choose from following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from following options:
|
| Is Live | (Optional) Select whether to fetch IP addresses that are live. You can choose from following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch IP addresses discovered via Cloud integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP address details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved IP address prefix. For example: 185.161.83.0/24. |
| Search Type | (Optional) Specify the search type to filter the retrieved prefixes.
NOTE: Use Asset parameter to search along with this parameter. |
| ASN | (Optional) Specify the ASN to filter the retrieved IP address prefixes.For example: AS207180 |
| Version | (Optional) Select the IP version by which to filter retrieved records. You can choose from the following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asn_number": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_count": "",
"live_ip_count": "",
"tags": [
{
"id": "",
"name": ""
}
],
"version": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP prefix details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asn_number": "",
"asset": "",
"company_name": "",
"ip_count": "",
"assets_linked_count": "",
"version": "",
"live_ip_count": "",
"fgt_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"groups": [
{
"id": "",
"name": ""
}
],
"version": "",
"ip_count": "",
"asn_number": "",
"company_name": "",
"fgt_metadata": {},
"assets_linked": [],
"live_ip_count": "",
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"assets_linked_count": ""
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved subdomains. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Technologies | (Optional) Specify the technology discovered on subdomain to filter the retrieved subdomains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Domain | (Optional) Specify a domain to filter the retrieved subdomains. |
| Asset | (Optional) Specify the asset to filter the retrieved subdomains. |
| Search Type | (Optional) Specify the search type to filter the retrieved subdomains.
NOTE: Use Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch subdomains discovered via FortiGate integrations. You can choose from following options:
|
| Is Live | (Optional) Select whether to fetch subdomains that are live. You can choose from following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch subdomains discovered via Cloud integrations. You can choose from following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"fgt_metadata": {},
"technologies": [],
"cloud_metadata": {}
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the subdomain details. |
The output contains the following populated JSON schema:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"issue_count": "",
"fgt_metadata": {},
"technologies": [],
"cloud_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
]
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the assets statistics. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Technologies | (Optional) Specify the technologies to filter the assets statistics. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
The output contains the following populated JSON schema:
{
"org_name": "",
"asn_count": "",
"ip_prefix_count": "",
"live_domain_count": "",
"total_domain_count": "",
"billable_assets_count": "",
"live_ip_address_count": "",
"live_sub_domain_count": "",
"total_ip_address_count": "",
"total_sub_domain_count": ""
}
| Parameter | Description |
|---|---|
| Breach Name | (Optional) Specify the breach name to retrieve specific breach details. For example: test-org. The response filters out results and fetches credentials exposed for test-org. |
| Keyword | (Optional) Specify the text to search in breach name, details, and list of compromised data. For example:test-org. The response filters out results and fetches credentials exposed for test-org. |
| Has Password | (Optional) Select to filter the leaked credential list based on whether the credentials contain passwords. |
| Is Relevant | (Optional) Select to filter the leaked credential list related to organization. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"affected_domains": "",
"compromised_data": "",
"compromised_accounts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Breach ID | Specify the breach ID to retrieve the breach details. |
The output contains the following populated JSON schema:
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"affected_domains": "",
"compromised_data": "",
"compromised_accounts": ""
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an 'OR filter'. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an 'AND filter'. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an 'OR filter'. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an 'AND filter'. |
The output contains the following populated JSON schema:
{
"report_id": ""
}
| Parameter | Description |
|---|---|
| Report ID | Specify the report ID to retrieve the report details. |
| Get Report Link | (Optional) Select the checkbox to get an S3 link of report file. Clear the checkbox to retrieve file data. By default, this checkbox is cleared, i.e., set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Get Report Link as true:
{
"report_url": ""
}
Output schema when you choose Get Report Link as false:
{
"asn": [],
"domain": [
{
"tags": "",
"asset": "",
"groups": "",
"ip_address": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"discovery_path": "",
"subdomain_count": ""
}
],
"issues": [
{
"port": "",
"tags": "",
"asset": "",
"groups": "",
"severity": "",
"issue_name": "",
"issue_status": "",
"linked_assets": "",
"issue_category": "",
"recommendations": "",
"additional_details": ""
}
],
"ip_block": [],
"ip_address": [
{
"tags": "",
"asset": "",
"groups": "",
"country": "",
"open_ports": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"sub_domain": [
{
"tags": "",
"asset": "",
"groups": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"organization": [],
"disappeared_assets": [
{
"asset": "",
"asset_type": ""
}
],
"newly_discovered_assets": [
{
"asset": "",
"asset_type": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved exposed services.
NOTE: The only supported asset types are the ip address, domain, sub-domain. |
| Ports | (Optional) Specify the ports to filter the retrieved exposed services. Specify the ports as comma-separated values to get only results with ALL the specified ports. For example: 8080,443. |
| Services | (Optional) Specify the services to filter the retrieved exposed services. Specify the services as comma-separated values to get only those results that have ANY of the specified services. For example: http,https. |
| Products | (Optional) Specify the products to filter the retrieved exposed services. Specify a comma-separated string or a single string. For example: nginx, Jetty. |
| Services Banner | (Optional) Specify the keywords in the service banner to filter the retrieved exposed services.
NOTE: Do not use |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from following options:
|
| Has SSL | (Optional) Select whether to fetch assets which have SSL. You can choose from following options:
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"cpe": [],
"domains": [],
"ip_address": "",
"os": "",
"port": "",
"product": "",
"service": "",
"service_banner": "",
"ssl": {},
"subdomains": [],
"version": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Provider | (Optional) Specify the provider to filter the retrieved cloud integrations. |
| Connection Status | (Optional) Select the connection status to filter the retrieved cloud integrations. You can choose from the following options:
|
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"name": "",
"provider": "",
"account_id": "",
"policy_errors": [],
"connection_status": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Connection Status | (Optional) Select the connection status to filter the retrieved FortiGate integrations. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"host": "",
"name": "",
"port": "",
"is_ssl": "",
"verify_ssl": "",
"policy_errors": [],
"connection_status": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Domain | Specify the domain for which you security insights are to be retrieved. |
The output contains the following populated JSON schema:
{
"authoritative": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"parent": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"soa": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
]
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select comment type which is to be retrieved for specified issue. You can choose from User or System |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select comment type which is to be retrieved for specified issue. You can choose from User or System |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Select the scope for which you want to retrieve the tags. You can choose from following options:
|
| Name | (Optional) Specify the name of tag to retrieve. Names are matched partially. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Tag ID | Specify the ID of the tag which is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets": [],
"linked_assets_count": ""
}
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Specify the scope for which you want to retrieve the groups. You can choose from System, Client |
| Group Name | (Optional) Specify the name of group which you want to retrieve. Name are matched partially. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the group which is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as true:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets": [],
"linked_assets_count": ""
}
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": ""
}
The Sample - Fortinet FortiRecon EASM - 1.1.0 playbook collection comes bundled with the Fortinet FortiRecon EASM connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiRecon EASM connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.