Phishing Classifier Connector v1.1.0

Overview

FortiSOAR™ provides you with a number of pre-installed connectors or built-ins, such as the IMAP or Database connectors, that you can use within FortiSOAR™ playbooks as a connector step to perform automated operations. These connectors are bundled and named based on the type of operations they can perform. For example, the Database connector contains actions that you can perform on a database, such as querying it. It is easy to extend and enhance these connectors.

Apart from the FortiSOAR™ Built-in connectors, Fortinet also provides a number of connectors for popular integrations, including SIEMs such as FortiSIEM and Splunk, and ticketing systems such as Jira. You can see a list of published connectors on the FortiSOAR Connectors Documentation site.

The process of installing, configuring, and using connectors is described in the Introduction to connectors chapter in the "Connectors Guide", which is part of the FortiSOAR™ documentation; see also the Installing a connector and Configuring a connector articles.

FortiSOAR™ Built-in connectors are upgraded by default with a FortiSOAR™ upgrade. Use the Content Hub to upgrade your connectors to the latest version if you want to upgrade only the connectors and not FortiSOAR™. For more information on the connector store, see the Introduction to connectors chapter and the FortiSOAR Built-in connectors article.

Important: Before you upgrade your FortiSOAR™ version, it is highly recommended that you back up the configuration of your FortiSOAR™ Built-in connectors (SSH, IMAP, Database, etc.), since that configuration might be reset if there are changes to the configuration parameters across versions.

Phishing Classifier

The Phishing Classifier connector leverages Machine Learning (ML) to classify records (emails) into 'Phishing' and 'Non-Phishing'.

Version information

Connector Version: 1.1.0

Authored By: Fortinet.

Certified: Yes

IMPORTANT: Version 1.1.0 and later of the Phishing Classifier connector are supported on FortiSOAR release 7.3.1 and later. Therefore, it is recommended not to install or upgrade the Phishing Classifier connector v1.1.0 or later on FortiSOAR releases earlier than 7.3.1, such as FortiSOAR release 7.3.0, 7.2.2, etc.

Release Notes for version 1.1.0

The following enhancements have been made to the Phishing Classifier connector in version 1.1.0:

  • Added support for text-based prediction in the "Predict" action. In the "Predict" action, users can either pass direct text (email body) or any module field using dynamic input to get predictions.
  • Fixed the issue that was causing the connector configuration to fail whenever a "Custom" date range was used. Now, you can configure the connector with a custom date range.
  • Updated the connector output schema for the 'Predict' action to add the 'verdict' field; the 'Output' now shows the value of 'verdict' as "Phishing" or "Non-Phishing".

Configuring the connector

You must be an 'Administrator' with 'Security' rights on FortiSOAR to configure the Phishing Classifier connector. If you have appropriate rights, navigate to the Recommendation Engine > Phishing Classification tab on the System Configuration page and configure the Phishing Classifier connector. For more information on the 'Phishing Classification' and how to configure the Phishing Classifier connector, see the "Phishing Classification" topic in the Application Editor chapter in the "Administration Guide", which is part of the FortiSOAR™ product documentation.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function: Train
Description: Trains the dataset using the parameters you have specified while configuring the connector. You can choose the following methods to train the connector:
  • FortiSOAR Module: The connector integrates with FortiSOAR modules, so you can choose to train the connector using data present in your FortiSOAR system.
  • Pre-trained Module: You can also choose to use a pre-trained module that is shipped along with the connector so that you can use the connector from day one.

Function: Predict
Description: Predicts the field value for specified fields in the records you have specified. You can either pass direct text (email body) or the following fields in JSON format using dynamic input to get predictions:
{
  "emailFrom": "<emailFrom>",
  "emailSubject": "<emailSubject>",
  "emailBody": "<emailBody>"
}
Note: The emailBody field is mandatory.

Function: Get Training Results
Description: Retrieves the results of the training.

operation: Train

Input parameters

None.

operation: Predict

Input parameters

Parameter: Record
Description: Specify the record IRI, record JSON, or email body for which you want to predict the specified field values.
Note: In the case of the record JSON, ensure that the keys in the JSON match those in the feature mapping.
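
The following Python example is added here and is not Fortinet's code: it builds the record JSON described for the Predict action from a raw email and rejects input that lacks the mandatory emailBody or carries keys outside the feature mapping. The function names and the sample message are hypothetical, and it assumes the feature mapping uses exactly the three documented keys.

```python
from email import message_from_string, policy

# Assumption: the configured feature mapping uses the three documented keys.
PREDICT_KEYS = ("emailFrom", "emailSubject", "emailBody")


def validate_predict_record(record, feature_keys=PREDICT_KEYS):
    """Raise ValueError for records the Predict action cannot use."""
    unknown = set(record) - set(feature_keys)
    if unknown:
        raise ValueError(f"keys not in feature mapping: {sorted(unknown)}")
    if not str(record.get("emailBody", "")).strip():
        raise ValueError("emailBody is mandatory")


def build_predict_record(raw_email):
    """Turn a raw RFC 5322 message into the record JSON for Predict."""
    msg = message_from_string(raw_email, policy=policy.default)
    # Prefer the plain-text part; fall back to HTML if that is all there is.
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().strip() if part is not None else ""
    record = {
        "emailFrom": str(msg.get("From", "")),
        "emailSubject": str(msg.get("Subject", "")),
        "emailBody": body,
    }
    validate_predict_record(record)
    return record


# Constructed sample message (not real mail).
SAMPLE = (
    "From: IT Support <support@example.com>\n"
    "Subject: Password expiry notice\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Your password expires today. Sign in to keep access.\n"
    "--b1\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>Your password expires today.</p>\n"
    "--b1--\n"
)

RECORD = build_predict_record(SAMPLE)
```

Serialize the returned dictionary with json.dumps before passing it as the Record parameter.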

operation: Get Training Results

Input parameters

None.

Troubleshooting

Post-upgrade from FortiSOAR release 7.3.0 to 7.4.0, a configured Phishing Classifier connector displays the "Trained model not available" error

If you have upgraded your FortiSOAR instance from release 7.3.0 to 7.4.0, then the Phishing Classifier connector that you had configured displays an error such as "Trained model not available for the selected configuration".

Resolution
You must retrain your Phishing Classifier connector's dataset after upgrading your FortiSOAR instance from release 7.3.0 to 7.4.0.

After upgrading the Phishing Classifier connector, both the phishing classifications and the ML-based recommendations display older or stale data

Version 1.1.0 and later of the Phishing Classifier connector are supported on FortiSOAR release 7.3.1 and later. Therefore, it is recommended not to install or upgrade the Phishing Classifier connector v1.1.0 on FortiSOAR releases earlier than 7.3.1, such as FortiSOAR release 7.3.0, 7.2.2, etc. However, if you have upgraded the Phishing Classifier connector to 1.1.0 or later on a FortiSOAR release prior to 7.3.1, for example, release 7.3.0, then the Phishing Classifier connector uses stale data. To resolve this issue, do the following:

Resolution

  1. Restart the uwsgi service using the following command:
    # systemctl restart uwsgi
  2. If you have configured phishing classification using 'FortiSOAR Module' data, then retrain both your 'Record Similarity' configuration for 'Machine Learning Based Clustering' and your 'Phishing Classification' configuration.
    OR
    If you have configured phishing classification using 'Pre-Trained' data, then delete your existing configuration and add a new configuration, and then re-train your 'Record Similarity' configuration for 'Machine Learning Based Clustering'.