FortiWeb Cloud is an cloud native SaaS based web application firewall (WAF) that protects web applications & APIs from the Open Worldwide Application Security Project's (OWASP) Top 10 threats, zero-day attacks, and other application layer attacks.
This document provides information about the Fortinet FortiWeb Cloud connector, which facilitates automated interactions, with a Fortinet FortiWeb Cloud server using FortiSOAR™ playbooks. Add the Fortinet FortiWeb Cloud connector as a step in FortiSOAR™ playbooks and perform automated operations with Fortinet FortiWeb Cloud.
NOTE: This connector has been renamed to Fortinet FortiAppSec Cloud. For subsequent updated versions of this connector, refer to Fortinet FortiAppSec Cloud connector documentation.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.6.0-5012
Fortinet FortiWeb Cloud Version Tested on: 23.3.a
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Fortinet FortiWeb Cloud connector in version 1.1.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-fortinet-fortiweb-cloud
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Fortinet FortiWeb Cloud connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Specify the URL of the FortiWeb Cloud server to connect and perform automated operations. |
| API Key | Specify the API key to access the endpoint to connect and perform the automated operations |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true. |
You can use the following automated operations in playbooks and also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Incident Dashboard Details | Retrieves information for the global setting configurations from FortiWeb Cloud based on the widget name, action name, and other filter criteria you have specified. | get_incident_dashboard_details Investigation |
| Get Incidents List | Retrieves a list of all incidents from FortiWeb Cloud based on the time range and other filter criteria you have specified. | get_incident_list Investigation |
| Get Incident Details | Retrieves information for a specific incident from FortiWeb Cloud based on the incident ID you have specified. | get_incident_details Investigation |
| Get Incident Timeline Details | Retrieves information for a specific incident timeline from FortiWeb Cloud based on the incident ID you have specified. | get_incident_timeline_details Investigation |
| Get Insight Events Summary | Retrieves a list of all insight events summary from FortiWeb Cloud. | get_insight_events_summary Investigation |
| Get Incident Aggregated Details | Retrieves information for a specific incident aggregated from FortiWeb Cloud based on the incident ID and group by parameters you have specified. | get_incident_aggregated_details Investigation |
| Get Insight Events | Retrieves information for insight events from FortiWeb Cloud based on the event type and other filter criteria you have specified. | get_insight_events Investigation |
| Get IP Protection | Retrieves IP protection configuration from FortiWeb Cloud based on the application ID you have specified. | get_ip_protection Investigation |
| Add IP Protection | Adds an IP protection configuration in FortiWeb Cloud based on the application ID, IP type, and IP address you have specified. | add_ip_protection Investigation |
| Delete IP Protection | Deletes a specific IP protection configuration from FortiWeb Cloud based on the application ID, IP type, and IP address you have specified. | delete_ip_protection Investigation |
| Get Applications List | Retrieves a list of all applications from FortiWeb Cloud based on the filter criteria you have specified. | get_application_list Investigation |
| Update Geo IP Block List | Blocks requests from clients from entire geographical locations based on the Application ID, Countries, and other input parameters that you have specified. | update_geo_ip_block_list Investigation |
| Parameter | Description |
|---|---|
| Widget Name | Select the name of the widget based on which to filter the incident dashboard retrieved from FortiWeb Cloud. You can choose from the following options:
|
| Action Name | Select the action name based on which to filter the incident dashboard retrieved from FortiWeb Cloud. You can choose from the following options:
|
| Host Name | (Optional) Specify the name of the host based on which to retrieve information from FortiWeb Cloud. |
| Time Range | (Optional) Specify the time range during which the incidents were created in FortiWeb Cloud, and from to retrieve incident dashboard details. For example: 24h or 7d to fetch incidents from the last 24 hours or 7 days, respectively. |
The output contains the following populated JSON schema:
Output schema when you choose Widget Name as Threats Timeline:
{
"start": "",
"end": "",
"line_data": [
{
"line_name": "",
"number": [
{
"id": "",
"value": "",
"time": ""
}
]
}
]
}
Output schema when you choose Widget Name as Incidents Timeline:
{
"start": "",
"end": "",
"line_data": [
{
"line_name": "",
"number": [
{
"id": "",
"value": "",
"time": ""
}
]
}
]
}
Output schema when you choose Widget Name as Source Country:
[
{
"name": "",
"value": ""
}
]
Output schema when you choose Widget Name as Attack Type:
[
{
"name": "",
"percentage": ""
}
]
Output schema when you choose Widget Name as High Risk:
[
{
"incident_id": "",
"platform": "",
"risk": "",
"name": ""
}
]
Output schema when you choose Widget Name as HTTP Host:
[
{
"name": "",
"threat_count": "",
"monitor_count": "",
"block_count": "",
"platform": ""
}
]
| Parameter | Description |
|---|---|
| Time Range | Specify the time range during which the incidents were created in FortiWeb Cloud, and from to retrieve incident dashboard details. For example: 24h or 7d to fetch incidents from the last 24 hours or 7 days, respectively. |
| Filter | (Optional) Specify multiple key/value pairs in JSON format to filter incidents retrieved from FortiWeb Cloud. |
| Page Size | (Optional) Specify the number of results, per page, to include in the response of this operation. The values can be 10, 20, or 30. |
| Page Number | (Optional) Specify the page number from which to fetch incidents from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"total": "",
"result": [
{
"incident_id": "",
"platform": "",
"risk": "",
"description": "",
"threat_count": "",
"block_count": "",
"tags": [],
"lasttime": "",
"create_time": "",
"blocked": "",
"host_desc": "",
"app_names": []
}
]
}
| Parameter | Description |
|---|---|
| Incident ID | Specify the ID of the incident whose details are to be retrieved from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"incident_id": "",
"platform": "",
"risk": "",
"description": "",
"threat_count": "",
"block_count": "",
"tags": [],
"lasttime": "",
"create_time": "",
"blocked": "",
"host_desc": "",
"app_names": [],
"comments": [],
"attack_types": [],
"cve_ids": [],
"hosts": [],
"src_countries": [],
"firsttime": "",
"src_ips": [],
"http_urls": []
}
| Parameter | Description |
|---|---|
| Incident ID | Specify the ID of the incident whose timeline details are to be retrieved from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"start": "",
"end": "",
"line_data": [
{
"line_name": "",
"number": [
{
"id": "",
"value": "",
"time": ""
}
]
}
]
}
None.
The output contains the following populated JSON schema:
{
"detail": "",
"result": {
"summary": [
{
"type": "",
"active": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Incident ID | Specify the ID of the incident whose aggregated details are to be retrieved from FortiWeb Cloud. |
| Group By | Select the grouping criteria based on which to filter incident aggregated details retrieved from FortiWeb Cloud. Select Logs to get sample attack logs of a specific incident. You can choose from the following options:
|
The output contains the following populated JSON schema:
Output schema when you choose Group By as Logs:
{
"total": "",
"result": [
{
"msg": "",
"log_id": "",
"threat_level": "",
"signature_cve_id": "",
"owasp_top10": "",
"main_type": "",
"http_url": "",
"srccountry": "",
"src_ip": "",
"signature_id": "",
"date_time": "",
"sub_type": "",
"action": "",
"msg_id": "",
"country_flag": "",
"_id": ""
}
]
}
Output schema when you choose some other option in Group By parameter:
{
"total": "",
"result": [
{
"name": "",
"threat_count": "",
"monitor_count": "",
"block_count": "",
"platform": ""
}
]
}
| Parameter | Description |
|---|---|
| Event Type | Select the type of the event based on which to filter insight events retrieved from FortiWeb Cloud. You can choose from the following options:
|
| Cursor | Specify the cursor value based on which to filter insight events retrieved from FortiWeb Cloud.
Leave the cursor value empty, to list the items of the first page. Use the value of the Use the value of the |
| Page Size | (Optional) Specify the number of results, per page, to include in the response of this operation. The values can be 10, 20, or 30. |
| Forward | (Optional) Select this option to fetch records from the next page. Clear this checkbox to fetch records from the previous page. |
The output contains the following populated JSON schema:
Output schema when you choose Event Type as Exposed Server:
{
"detail": "",
"result": {
"type": "",
"events": [
{
"id": "",
"app_name": "",
"origin_server": [],
"exposed_dns": "",
"direct_access": "",
"last_updated": ""
}
],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as Trust IP:
{
"detail": "",
"result": {
"type": "",
"events": [],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as Unprotected Host:
{
"detail": "",
"result": {
"type": "",
"events": [],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as Monitor Service:
{
"detail": "",
"result": {
"type": "",
"events": [],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as WAF Config Alarm:
{
"detail": "",
"result": {
"type": "",
"events": [
{
"id": "",
"app_name": "",
"configuration": "",
"status": "",
"last_updated": ""
}
],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application based on which you want to retrieve IP protection details from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"result": {
"configs": {
"status": "",
"ip_list": [
{
"ip": "",
"idx": "",
"type": ""
}
],
"ip_reputation": "",
"block_country_list": [],
"geo_ip_exception_list": []
},
"template": ""
}
}
NOTE: These IP addresses are added to the list selected in the IP Type parameter.
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application to add IP protection details in FortiWeb Cloud. |
| IP Type | Select the type of IP address list in which to add the IP addresses. You can choose from the following options:
|
| IP Address | Specify IP addresses to add in the selected list type. You can specify IP addresses to add as comma-separated values or ranges. For example:192.168.1.1, 192.168.1.2 or192.168.1.1-192.168.14.256 or192:168::20:1-192:168:30:150 |
The output contains the following populated JSON schema:
{
"detail": ""
}
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application to delete associated IP protection details from FortiWeb Cloud. |
| IP Type | Select the type of IP address list from which to delete the IP addresses. You can choose from the following options:
|
| IP Address | Specify IP addresses to delete from the selected list type. You can specify IP addresses to remove as comma-separated values or ranges. For example:192.168.1.1, 192.168.1.2 or192.168.1.1-192.168.14.256 or192:168::20:1-192:168:30:150
NOTE: These IP addresses are added to the list selected in the IP Type parameter. |
The output contains the following populated JSON schema:
{
"detail": ""
}
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application in which to update the Geo IP Block. |
| Operation To Perform | Select the type of operation to perform on the Geo IP Block List. You can choose from the following options:
|
| Countries | (Optional) Select one or more countries, from where to block or allow requests.
NOTE: Requests from these countries are blocked or allowed as the per the selection in Operation To Perform parameter. |
The output contains the following populated JSON schema:
{
"detail": ""
}
| Parameter | Description |
|---|---|
| Filter | (Optional) Specify key-value pairs in JSON format to filter applications retrieved from FortiWeb Cloud. |
| Page Size | (Optional) Specify the number of results, per page, to include in the response of this operation. The values can be 10, 20, or 30. |
| Cursor | (Optional) Specify a cursor value if a previous operation returned a partial result. To go forward to next page, specify the value of the next_cursor parameter from the response. To go to the previous page, specify the prev_cursor value. |
The output contains the following populated JSON schema:
{
"total": "",
"can_add": "",
"app_list": [
{
"req": "",
"cost": "",
"data": "",
"ep_id": "",
"region": "",
"user_id": "",
"app_name": "",
"ep_cname": "",
"platform": "",
"acme_info": [],
"tenant_id": "",
"block_mode": "",
"can_delete": "",
"can_update": "",
"cdn_status": "",
"dns_status": "",
"blocked_req": "",
"create_time": "",
"domain_name": "",
"template_id": "",
"domain_status": {},
"extra_domains": [],
"template_name": "",
"platform_region": "",
"naked_domain_ips": []
}
],
"next_cursor": "",
"prev_cursor": "",
"template_perm": ""
}
The Sample - Fortinet FortiWeb Cloud - 1.1.0 playbook collection comes bundled with the Fortinet FortiWeb Cloud connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiWeb Cloud connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
FortiWeb Cloud is an cloud native SaaS based web application firewall (WAF) that protects web applications & APIs from the Open Worldwide Application Security Project's (OWASP) Top 10 threats, zero-day attacks, and other application layer attacks.
This document provides information about the Fortinet FortiWeb Cloud connector, which facilitates automated interactions, with a Fortinet FortiWeb Cloud server using FortiSOAR™ playbooks. Add the Fortinet FortiWeb Cloud connector as a step in FortiSOAR™ playbooks and perform automated operations with Fortinet FortiWeb Cloud.
NOTE: This connector has been renamed to Fortinet FortiAppSec Cloud. For subsequent updated versions of this connector, refer to Fortinet FortiAppSec Cloud connector documentation.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.6.0-5012
Fortinet FortiWeb Cloud Version Tested on: 23.3.a
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Fortinet FortiWeb Cloud connector in version 1.1.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-fortinet-fortiweb-cloud
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Fortinet FortiWeb Cloud connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Specify the URL of the FortiWeb Cloud server to connect and perform automated operations. |
| API Key | Specify the API key to access the endpoint to connect and perform the automated operations |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true. |
You can use the following automated operations in playbooks and also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Incident Dashboard Details | Retrieves information for the global setting configurations from FortiWeb Cloud based on the widget name, action name, and other filter criteria you have specified. | get_incident_dashboard_details Investigation |
| Get Incidents List | Retrieves a list of all incidents from FortiWeb Cloud based on the time range and other filter criteria you have specified. | get_incident_list Investigation |
| Get Incident Details | Retrieves information for a specific incident from FortiWeb Cloud based on the incident ID you have specified. | get_incident_details Investigation |
| Get Incident Timeline Details | Retrieves information for a specific incident timeline from FortiWeb Cloud based on the incident ID you have specified. | get_incident_timeline_details Investigation |
| Get Insight Events Summary | Retrieves a list of all insight events summary from FortiWeb Cloud. | get_insight_events_summary Investigation |
| Get Incident Aggregated Details | Retrieves information for a specific incident aggregated from FortiWeb Cloud based on the incident ID and group by parameters you have specified. | get_incident_aggregated_details Investigation |
| Get Insight Events | Retrieves information for insight events from FortiWeb Cloud based on the event type and other filter criteria you have specified. | get_insight_events Investigation |
| Get IP Protection | Retrieves IP protection configuration from FortiWeb Cloud based on the application ID you have specified. | get_ip_protection Investigation |
| Add IP Protection | Adds an IP protection configuration in FortiWeb Cloud based on the application ID, IP type, and IP address you have specified. | add_ip_protection Investigation |
| Delete IP Protection | Deletes a specific IP protection configuration from FortiWeb Cloud based on the application ID, IP type, and IP address you have specified. | delete_ip_protection Investigation |
| Get Applications List | Retrieves a list of all applications from FortiWeb Cloud based on the filter criteria you have specified. | get_application_list Investigation |
| Update Geo IP Block List | Blocks requests from clients from entire geographical locations based on the Application ID, Countries, and other input parameters that you have specified. | update_geo_ip_block_list Investigation |
| Parameter | Description |
|---|---|
| Widget Name | Select the name of the widget based on which to filter the incident dashboard retrieved from FortiWeb Cloud. You can choose from the following options:
|
| Action Name | Select the action name based on which to filter the incident dashboard retrieved from FortiWeb Cloud. You can choose from the following options:
|
| Host Name | (Optional) Specify the name of the host based on which to retrieve information from FortiWeb Cloud. |
| Time Range | (Optional) Specify the time range during which the incidents were created in FortiWeb Cloud, and from to retrieve incident dashboard details. For example: 24h or 7d to fetch incidents from the last 24 hours or 7 days, respectively. |
The output contains the following populated JSON schema:
Output schema when you choose Widget Name as Threats Timeline:
{
"start": "",
"end": "",
"line_data": [
{
"line_name": "",
"number": [
{
"id": "",
"value": "",
"time": ""
}
]
}
]
}
Output schema when you choose Widget Name as Incidents Timeline:
{
"start": "",
"end": "",
"line_data": [
{
"line_name": "",
"number": [
{
"id": "",
"value": "",
"time": ""
}
]
}
]
}
Output schema when you choose Widget Name as Source Country:
[
{
"name": "",
"value": ""
}
]
Output schema when you choose Widget Name as Attack Type:
[
{
"name": "",
"percentage": ""
}
]
Output schema when you choose Widget Name as High Risk:
[
{
"incident_id": "",
"platform": "",
"risk": "",
"name": ""
}
]
Output schema when you choose Widget Name as HTTP Host:
[
{
"name": "",
"threat_count": "",
"monitor_count": "",
"block_count": "",
"platform": ""
}
]
| Parameter | Description |
|---|---|
| Time Range | Specify the time range during which the incidents were created in FortiWeb Cloud, and from to retrieve incident dashboard details. For example: 24h or 7d to fetch incidents from the last 24 hours or 7 days, respectively. |
| Filter | (Optional) Specify multiple key/value pairs in JSON format to filter incidents retrieved from FortiWeb Cloud. |
| Page Size | (Optional) Specify the number of results, per page, to include in the response of this operation. The values can be 10, 20, or 30. |
| Page Number | (Optional) Specify the page number from which to fetch incidents from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"total": "",
"result": [
{
"incident_id": "",
"platform": "",
"risk": "",
"description": "",
"threat_count": "",
"block_count": "",
"tags": [],
"lasttime": "",
"create_time": "",
"blocked": "",
"host_desc": "",
"app_names": []
}
]
}
| Parameter | Description |
|---|---|
| Incident ID | Specify the ID of the incident whose details are to be retrieved from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"incident_id": "",
"platform": "",
"risk": "",
"description": "",
"threat_count": "",
"block_count": "",
"tags": [],
"lasttime": "",
"create_time": "",
"blocked": "",
"host_desc": "",
"app_names": [],
"comments": [],
"attack_types": [],
"cve_ids": [],
"hosts": [],
"src_countries": [],
"firsttime": "",
"src_ips": [],
"http_urls": []
}
| Parameter | Description |
|---|---|
| Incident ID | Specify the ID of the incident whose timeline details are to be retrieved from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"start": "",
"end": "",
"line_data": [
{
"line_name": "",
"number": [
{
"id": "",
"value": "",
"time": ""
}
]
}
]
}
None.
The output contains the following populated JSON schema:
{
"detail": "",
"result": {
"summary": [
{
"type": "",
"active": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Incident ID | Specify the ID of the incident whose aggregated details are to be retrieved from FortiWeb Cloud. |
| Group By | Select the grouping criteria based on which to filter incident aggregated details retrieved from FortiWeb Cloud. Select Logs to get sample attack logs of a specific incident. You can choose from the following options:
|
The output contains the following populated JSON schema:
Output schema when you choose Group By as Logs:
{
"total": "",
"result": [
{
"msg": "",
"log_id": "",
"threat_level": "",
"signature_cve_id": "",
"owasp_top10": "",
"main_type": "",
"http_url": "",
"srccountry": "",
"src_ip": "",
"signature_id": "",
"date_time": "",
"sub_type": "",
"action": "",
"msg_id": "",
"country_flag": "",
"_id": ""
}
]
}
Output schema when you choose some other option in Group By parameter:
{
"total": "",
"result": [
{
"name": "",
"threat_count": "",
"monitor_count": "",
"block_count": "",
"platform": ""
}
]
}
| Parameter | Description |
|---|---|
| Event Type | Select the type of the event based on which to filter insight events retrieved from FortiWeb Cloud. You can choose from the following options:
|
| Cursor | Specify the cursor value based on which to filter insight events retrieved from FortiWeb Cloud.
Leave the cursor value empty, to list the items of the first page. Use the value of the Use the value of the |
| Page Size | (Optional) Specify the number of results, per page, to include in the response of this operation. The values can be 10, 20, or 30. |
| Forward | (Optional) Select this option to fetch records from the next page. Clear this checkbox to fetch records from the previous page. |
The output contains the following populated JSON schema:
Output schema when you choose Event Type as Exposed Server:
{
"detail": "",
"result": {
"type": "",
"events": [
{
"id": "",
"app_name": "",
"origin_server": [],
"exposed_dns": "",
"direct_access": "",
"last_updated": ""
}
],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as Trust IP:
{
"detail": "",
"result": {
"type": "",
"events": [],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as Unprotected Host:
{
"detail": "",
"result": {
"type": "",
"events": [],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as Monitor Service:
{
"detail": "",
"result": {
"type": "",
"events": [],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
Output schema when you choose Event Type as WAF Config Alarm:
{
"detail": "",
"result": {
"type": "",
"events": [
{
"id": "",
"app_name": "",
"configuration": "",
"status": "",
"last_updated": ""
}
],
"prev_cursor": "",
"next_cursor": "",
"total": ""
}
}
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application based on which you want to retrieve IP protection details from FortiWeb Cloud. |
The output contains the following populated JSON schema:
{
"result": {
"configs": {
"status": "",
"ip_list": [
{
"ip": "",
"idx": "",
"type": ""
}
],
"ip_reputation": "",
"block_country_list": [],
"geo_ip_exception_list": []
},
"template": ""
}
}
NOTE: These IP addresses are added to the list selected in the IP Type parameter.
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application to add IP protection details in FortiWeb Cloud. |
| IP Type | Select the type of IP address list in which to add the IP addresses. You can choose from the following options:
|
| IP Address | Specify IP addresses to add in the selected list type. You can specify IP addresses to add as comma-separated values or ranges. For example:192.168.1.1, 192.168.1.2 or192.168.1.1-192.168.14.256 or192:168::20:1-192:168:30:150 |
The output contains the following populated JSON schema:
{
"detail": ""
}
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application to delete associated IP protection details from FortiWeb Cloud. |
| IP Type | Select the type of IP address list from which to delete the IP addresses. You can choose from the following options:
|
| IP Address | Specify IP addresses to delete from the selected list type. You can specify IP addresses to remove as comma-separated values or ranges. For example:192.168.1.1, 192.168.1.2 or192.168.1.1-192.168.14.256 or192:168::20:1-192:168:30:150
NOTE: These IP addresses are added to the list selected in the IP Type parameter. |
The output contains the following populated JSON schema:
{
"detail": ""
}
| Parameter | Description |
|---|---|
| Application ID | Specify the ID of the application in which to update the Geo IP Block. |
| Operation To Perform | Select the type of operation to perform on the Geo IP Block List. You can choose from the following options:
|
| Countries | (Optional) Select one or more countries, from where to block or allow requests.
NOTE: Requests from these countries are blocked or allowed as the per the selection in Operation To Perform parameter. |
The output contains the following populated JSON schema:
{
"detail": ""
}
| Parameter | Description |
|---|---|
| Filter | (Optional) Specify key-value pairs in JSON format to filter applications retrieved from FortiWeb Cloud. |
| Page Size | (Optional) Specify the number of results, per page, to include in the response of this operation. The values can be 10, 20, or 30. |
| Cursor | (Optional) Specify a cursor value if a previous operation returned a partial result. To go forward to next page, specify the value of the next_cursor parameter from the response. To go to the previous page, specify the prev_cursor value. |
The output contains the following populated JSON schema:
{
"total": "",
"can_add": "",
"app_list": [
{
"req": "",
"cost": "",
"data": "",
"ep_id": "",
"region": "",
"user_id": "",
"app_name": "",
"ep_cname": "",
"platform": "",
"acme_info": [],
"tenant_id": "",
"block_mode": "",
"can_delete": "",
"can_update": "",
"cdn_status": "",
"dns_status": "",
"blocked_req": "",
"create_time": "",
"domain_name": "",
"template_id": "",
"domain_status": {},
"extra_domains": [],
"template_name": "",
"platform_region": "",
"naked_domain_ips": []
}
],
"next_cursor": "",
"prev_cursor": "",
"template_perm": ""
}
The Sample - Fortinet FortiWeb Cloud - 1.1.0 playbook collection comes bundled with the Fortinet FortiWeb Cloud connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiWeb Cloud connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.