OTbase Inventory v1.1.0

About the connector

Enterprise-grade OT asset management software. OTbase is the gold standard for large scale OT asset inventories. It inventories OT devices from PLCs over network switches to sensors and actuators and integrates nicely with your existing tools and platforms.

This document provides information about the OTbase Inventory connector, which facilitates automated interactions with an OTbase Inventory server using FortiSOAR™ playbooks. Add the OTbase Inventory connector as a step in FortiSOAR™ playbooks and perform automated operations with OTbase Inventory.

Version information

Connector Version: 1.1.0

FortiSOAR™ Version Tested on: 7.6.0-5012

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

The following enhancement has been made to the OTbase Inventory connector in version 1.1.0:

  • Added support for Data Ingestion to ingest and map OTbase Inventory devices to FortiSOAR™ Assets

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-otbase-inventory

Prerequisites to configuring the connector

  • You must have the credentials of the OTbase Inventory server to which you will connect and perform automated operations.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the OTbase Inventory server.

Minimum Permissions Required

  • Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the OTbase Inventory connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter | Description
Server URL | Specify the URL of the OTbase Inventory server to which you will connect and perform automated operations.
Username | Specify the username used to access the OTbase Inventory server to which you will connect and perform automated operations.
Password | Specify the password used to access the OTbase Inventory server to which you will connect and perform automated operations.
PFX Path | Specify the path to the PFX (Personal Information Exchange) file used to access the OTbase Inventory server to which you will connect and perform automated operations. For example: /tmp/path/to/pfx/file
PFX Password | Specify the password of the PFX (Personal Information Exchange) file used to access the OTbase Inventory server to which you will connect and perform automated operations.
Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true.

Actions supported by the connector

You can use the following automated operations in playbooks and also use the annotations to access operations:

Function | Description | Annotation and Category
Get Devices List | Retrieves a list of devices from OTbase Inventory based on the device name, location ID, and other input parameters that you have specified. | get_devices_list, Investigation
Get Device Details | Retrieves a specific device's information from OTbase Inventory based on the device ID and the data that you have selected to receive in the response. | get_device_details, Investigation
Delete Device Details | Deletes a specific device's information from OTbase Inventory based on the device ID that you have specified. | delete_device_details, Investigation
Get Vulnerabilities List | Retrieves a list of vulnerabilities from OTbase Inventory based on the priority, location ID, and other input parameters that you have specified. | get_vulnerabilities_list, Investigation
Get Vulnerability Details | Retrieves a specific vulnerability's information from OTbase Inventory based on the CVE ID that you have specified. | get_vulnerability_details, Investigation
Get Data Flow | Retrieves a list of data flows from OTbase Inventory based on the last seen date that you have specified. | get_data_flow, Investigation
Get Network List | Retrieves a list of networks from OTbase Inventory based on the offset that you have specified. | get_network_list, Investigation
Get Network Details | Retrieves a specific network's information from OTbase Inventory based on the network ID that you have specified. | get_network_details, Investigation

operation: Get Devices List

Input parameters

Parameter Description
Device Name (Optional) Specify the name of the device based on which to filter retrieved devices from OTbase Inventory.
Location ID (Optional) Specify the ID of the location based on which to filter retrieved devices from OTbase Inventory.
OT System ID (Optional) Specify the ID of the OT system based on which to filter retrieved devices from OTbase Inventory.
OT System Name (Optional) Specify the name of the OT system based on which to filter retrieved devices from OTbase Inventory.
IP Address (Optional) Specify the IP address based on which to filter retrieved devices from OTbase Inventory.
Include Data (Optional) Select data to include in response that this operation returns. You can choose one or more from the following options:
  • Software
  • Vulnerabilities
  • Compliance
  • Modules
  • Admins
  • All
Network ID (Optional) Specify the ID of the network based on which to filter retrieved devices from OTbase Inventory.
Modified DateTime (Optional) Select the DateTime using which to filter the result set to include only those items that have been modified after the specified timestamp. For example: 2024-04-18 19:12:59
Limit (Optional) Specify the maximum number of results, per page, that this operation should return. By default, this option is set as 300.
Offset (Optional) Index of the first item to be returned by this operation. This parameter is useful for pagination and for getting a subset of items. By default, this is set to 0.

Output

The output contains the following populated JSON schema:

{
    "data": [
        {
            "name": "",
            "tags": [],
            "zone": "",
            "stage": "",
            "safety": "",
            "context": {
                "location": "",
                "otSystem": "",
                "processes": [
                    {
                        "name": "",
                        "location": "",
                        "locationId": ""
                    }
                ],
                "locationId": "",
                "otSystemId": "",
                "deviceGroup": "",
                "referenceLocation": "",
                "referenceLocationId": ""
            },
            "release": "",
            "deviceId": "",
            "exposure": "",
            "hardware": {
                "type": "",
                "model": "",
                "vendor": "",
                "version": "",
                "endOfLife": "",
                "lifecycle": "",
                "vendorLink": "",
                "description": "",
                "orderNumber": ""
            },
            "hostedOn": "",
            "modified": "",
            "monitors": [],
            "warranty": "",
            "deviceRef": "",
            "last_seen": "",
            "connections": [],
            "criticality": "",
            "description": "",
            "os_firmware": "",
            "last_seen_by": "",
            "serialNumber": "",
            "documentation": "",
            "last_patch_date": "",
            "manufactureDate": "",
            "installationDate": "",
            "days_since_last_patch": ""
        }
    ],
    "info": {
        "user": "",
        "total": "",
        "offset": "",
        "origin": "",
        "next_offset": ""
    }
}

operation: Get Device Details

Input parameters

Parameter Description
Device ID Specify the ID of the device based on which to retrieve specific device details from OTbase Inventory.
Include Data (Optional) Select data to include in response that this operation returns. You can choose one or more from the following options:
  • Software
  • Vulnerabilities
  • Compliance
  • Modules
  • Admins
  • All

Output

The output contains the following populated JSON schema:

{
    "data": {
        "name": "",
        "tags": [],
        "zone": "",
        "stage": "",
        "safety": "",
        "context": {
            "location": "",
            "otSystem": "",
            "processes": [
                {
                    "name": "",
                    "location": "",
                    "locationId": ""
                }
            ],
            "locationId": "",
            "otSystemId": "",
            "deviceGroup": "",
            "referenceLocation": "",
            "referenceLocationId": ""
        },
        "release": "",
        "deviceId": "",
        "exposure": "",
        "hardware": {
            "type": "",
            "model": "",
            "vendor": "",
            "version": "",
            "endOfLife": "",
            "lifecycle": "",
            "vendorLink": "",
            "description": "",
            "orderNumber": ""
        },
        "hostedOn": "",
        "modified": "",
        "monitors": [],
        "warranty": "",
        "deviceRef": "",
        "last_seen": "",
        "connections": [],
        "criticality": "",
        "description": "",
        "os_firmware": "",
        "last_seen_by": "",
        "serialNumber": "",
        "documentation": "",
        "last_patch_date": "",
        "manufactureDate": "",
        "installationDate": "",
        "days_since_last_patch": ""
    },
    "info": {
        "user": "",
        "origin": ""
    }
}

operation: Delete Device Details

Input parameters

Parameter Description
Device ID Specify the ID of the device to delete its details from OTbase Inventory.

Output

The output contains a non-dictionary value.

operation: Get Vulnerabilities List

Input parameters

Parameter Description
Priority (Optional) Select the priority of the vulnerabilities that this operation returns. You can choose one or more from the following options:
  • Critical
  • High
  • Medium
  • Low
Location ID (Optional) Specify the ID of the location based on which to filter retrieved vulnerabilities from OTbase Inventory.
Limit (Optional) Specify the maximum number of results, per page, that this operation should return. By default, this option is set as 100.
Offset (Optional) Specify the count of records to skip in the results returned by this operation. This parameter is useful for pagination and for getting a subset of items. By default, this is set to 0.

Output

The output contains the following populated JSON schema:

{
    "data": [
        {
            "kev": "",
            "cveId": "",
            "vector": "",
            "devices": [],
            "priority": "",
            "severity": "",
            "baseScore": "",
            "description": "",
            "datePublished": ""
        }
    ],
    "info": {
        "user": "",
        "total": "",
        "offset": "",
        "origin": "",
        "next_offset": ""
    }
}
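
Added example (not part of the original documentation or of the connector's code): one way to walk the Limit/Offset pagination described above by following info.next_offset, then group known-exploited, high-priority CVEs by device. fetch_page is a hypothetical stand-in for the connector action; the sample pages are constructed; it is assumed that the last page has an empty or missing next_offset, that kev is a boolean or true/yes-style string, and that devices holds device IDs.

```python
from collections import defaultdict


def paginate(fetch_page, limit=100, max_pages=1000):
    """Yield every item of an offset-paginated list operation.

    fetch_page(offset, limit) is a hypothetical callable standing in for the
    connector action; it must return the documented envelope
    {"data": [...], "info": {..., "next_offset": ...}}.
    """
    offset, seen = 0, set()
    for _ in range(max_pages):
        if offset in seen:
            # The server pointed us back at a page we already read.
            raise RuntimeError(f"pagination loop at offset {offset}")
        seen.add(offset)
        page = fetch_page(offset, limit)
        items = page.get("data") or []
        yield from items
        nxt = (page.get("info") or {}).get("next_offset")
        # Assumption: an empty or missing next_offset marks the last page.
        if nxt in ("", None) or not items:
            return
        offset = int(nxt)  # the schema does not say whether this is str or int
    raise RuntimeError("max_pages reached; result set is incomplete")


def is_kev(value):
    # Assumption: "kev" is a boolean or a yes/true-style string.
    if isinstance(value, str):
        return value.strip().lower() in {"true", "yes", "1"}
    return bool(value)


def kev_exposure(vulns, priorities=("Critical", "High")):
    """Map device ID -> sorted CVE IDs that are KEV-listed and in `priorities`."""
    wanted = {p.lower() for p in priorities}
    by_device = defaultdict(set)
    for v in vulns:
        cve = v.get("cveId")
        if not cve or not is_kev(v.get("kev")):
            continue
        if str(v.get("priority", "")).lower() not in wanted:
            continue
        # Assumption: "devices" is a list of device IDs.
        for dev in v.get("devices") or []:
            by_device[dev].add(cve)
    return {dev: sorted(cves) for dev, cves in sorted(by_device.items())}


# Constructed sample records (placeholder CVE IDs, not real OTbase data).
SAMPLE_VULNS = [
    {"cveId": "CVE-0000-0001", "kev": True, "priority": "Critical",
     "devices": ["dev-1", "dev-2"]},
    {"cveId": "CVE-0000-0002", "kev": False, "priority": "High",
     "devices": ["dev-1"]},
    {"cveId": "CVE-0000-0003", "kev": "true", "priority": "High",
     "devices": ["dev-2"]},
    {"cveId": "CVE-0000-0004", "kev": True, "priority": "Low",
     "devices": ["dev-3"]},
    {"cveId": "CVE-0000-0005", "kev": True, "priority": "high",
     "devices": ["dev-3"]},
]


def sample_fetch_page(offset, limit):
    """Serve SAMPLE_VULNS in pages shaped like the documented output."""
    chunk = SAMPLE_VULNS[offset:offset + limit]
    end = offset + len(chunk)
    return {
        "data": chunk,
        "info": {
            "user": "demo",
            "total": len(SAMPLE_VULNS),
            "offset": offset,
            "origin": "constructed",
            "next_offset": end if end < len(SAMPLE_VULNS) else "",
        },
    }


if __name__ == "__main__":
    all_vulns = list(paginate(sample_fetch_page, limit=2))
    for device, cves in kev_exposure(all_vulns).items():
        print(device, cves)
```
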

operation: Get Vulnerability Details

Input parameters

Parameter Description
CVE ID Specify the CVE ID to retrieve its details from OTbase Inventory.

Output

The output contains the following populated JSON schema:

{
    "data": {
        "kev": "",
        "cveId": "",
        "vector": "",
        "devices": [],
        "priority": "",
        "severity": "",
        "baseScore": "",
        "description": "",
        "datePublished": ""
    },
    "info": {
        "user": "",
        "origin": ""
    }
}

operation: Get Data Flow

Input parameters

Parameter Description
Last Seen (Optional) Select the date and time using which to filter the result set and include only those items that were last seen after the specified timestamp.

Output

The output contains the following populated JSON schema:

{
    "data": [],
    "info": {
        "user": "",
        "total": "",
        "offset": "",
        "origin": ""
    }
}

operation: Get Network List

Input parameters

Parameter Description
Offset (Optional) Specify the count of records to skip in the results returned by this operation. This parameter is useful for pagination and for getting a subset of items. By default, this is set to 0.

Output

The output contains the following populated JSON schema:

{
    "data": [
        {
            "name": "",
            "type": "",
            "vlan": "",
            "group": "",
            "address": "",
            "location": "",
            "networkId": "",
            "groupColor": "",
            "locationId": "",
            "description": "",
            "reserved_addresses": []
        }
    ],
    "info": {
        "user": "",
        "total": "",
        "offset": "",
        "origin": ""
    }
}

operation: Get Network Details

Input parameters

Parameter Description
Network ID Specify the ID of the network to retrieve its details from OTbase Inventory.

Output

The output contains the following populated JSON schema:

{
    "data": {
        "name": "",
        "type": "",
        "vlan": "",
        "group": "",
        "address": "",
        "location": "",
        "networkId": "",
        "groupColor": "",
        "locationId": "",
        "description": "",
        "reserved_addresses": []
    },
    "info": {
        "user": "",
        "origin": ""
    }
}

Included playbooks

The Sample - OTbase Inventory - 1.1.0 playbook collection comes bundled with the OTbase Inventory connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the OTbase Inventory connector.

  • Delete Device Details
  • Get Data Flow
  • Get Device Details
  • Get Devices List
  • Get Network Details
  • Get Network List
  • Get Vulnerabilities List
  • Get Vulnerability Details
  • OTbase Inventory > Fetch and Create
  • OTbase Inventory > Ingest

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Data Ingestion Support

Use the Data Ingestion Wizard to easily ingest data into FortiSOAR™ by pulling devices from OTbase Inventory. Currently, devices ingested from OTbase Inventory are mapped to Assets in FortiSOAR™. For more information on the Data Ingestion Wizard, see the Connectors Guide in the FortiSOAR™ product documentation.

Configure Data Ingestion

You can configure data ingestion using the Data Ingestion Wizard to seamlessly map the incoming OTbase Inventory devices to FortiSOAR™'s Assets.

The Data Ingestion Wizard helps you to configure the scheduled pulling of data from OTbase Inventory into FortiSOAR™. It also lets you pull some sample data from OTbase Inventory using which you can define the mapping of data between OTbase Inventory and FortiSOAR™. The mapping of common fields is generally already done by the Data Ingestion Wizard; users are mostly required to only map any custom fields that are added to the OTbase Inventory devices.

  1. To begin configuring data ingestion, click Configure Data Ingestion on the OTbase Inventory connector's Configurations page.

    Click Let's Start by fetching some data, to open the Fetch Data screen.

    Sample data is required to create a field mapping between OTbase Inventory data and FortiSOAR™. The sample data is pulled from connector actions or ingestion playbooks.

  2. On the Fetch Data screen, provide the configurations required to fetch devices from OTbase Inventory.

    You can specify the date from when to pull devices, device location, OT system ID, and other details. The fetched data is used to create a mapping between the devices from OTbase Inventory and FortiSOAR™ Assets.

    Once you have completed specifying the configurations, click Fetch Data.

  3. On the Field Mapping screen, map the fields of the devices ingested from OTbase Inventory to the fields of an Asset present in FortiSOAR™.

    To map a field, click the key in the sample data to add the Jinja value of the field. For example, to map the name parameter in the properties field of an ingested device from OTbase Inventory to the Name parameter of a FortiSOAR™ Asset, click the Name field and then click the name parameter in the properties field to populate its keys.

    For more information on field mapping, see the Data Ingestion chapter in the Connectors Guide in the FortiSOAR™ product documentation. Once you have completed the mapping of fields, click Save Mapping & Continue.

  4. (Optional) Use the Scheduling screen to configure schedule-based ingestion, i.e., specify the polling frequency to OTbase Inventory, so that the content gets pulled from the OTbase Inventory integration into FortiSOAR™.

    On the Scheduling screen, from the Do you want to schedule the ingestion? drop-down list, select Yes.

    In the Configure Schedule Settings section, specify the Cron expression for the schedule. For example, if you want to pull data from OTbase Inventory every 5 minutes, click Every X Minute, and in the minute box enter */5. This means that devices will be pulled from OTbase Inventory every 5 minutes.

    Once you have completed scheduling, click Save Settings & Continue.

  5. The Summary screen displays a summary of the mapping done, and it also contains links to the Ingestion playbooks. Click Done to complete the data ingestion and exit the Data Ingestion Wizard.
