DOCUMENT LIBRARY
1.2.1
DOCUMENT LIBRARY
1.2.1
FortiRecon is a Digital Risk Protection Service (DRPS) product that provides an outside-the-network view of the risks posed to your enterprise.
This document provides information about the Fortinet FortiRecon EASM Connector, which facilitates automated interactions with a Fortinet FortiRecon EASM server using FortiSOARâ„¢ playbooks. Add the Fortinet FortiRecon EASM Connector as a step in FortiSOARâ„¢ playbooks and perform automated operations with Fortinet FortiRecon EASM.
Connector Version: 1.2.1
FortiSOARâ„¢ Version Tested on: 7.6.4-5623
Fortinet FortiRecon EASM Version Tested on: Version: v25.4.a
Authored By: Fortinet
Contributor: Ramkrushna Pathade
Certified: Yes
The following enhancements have been made to the Fortinet FortiRecon EASM Connector in version 1.2.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command to install connectors from an SSH session:
sudo yum install cyops-connector-fortinet-fortirecon-easm
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Fortinet FortiRecon EASM connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab, enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Server name or IP address to which you will connect and perform the automated operations. |
| API Key | API key to access the endpoint server to which you connect and perform the automated operations. |
| Organization ID | The organization ID on which FortiRecon operations are to be performed. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Leaked Credentials | Retrieves a list of leaked credentials related to the organization ID based on the keyword to search, breach ID, and date-time range you have specified. | get_leaked_credentials Investigation |
| Get Scan Statistics | Retrieves statistics related to the EASM scan related to the organization ID specified in the configuration parameters. The response includes a count of the total, online, and newly discovered assets for the current and previous scans. | get_scan_statistics Investigation |
| Get Issues Discovered | Retrieves a list of security issues related to assets discovered in the most recent EASM scan based on the filter criteria like issue status, severity, and the country codes (US, IN) you have specified. |
get_issues_discovered Investigation |
| Get Issue By ID | Retrieves details about a specific security issue based on the unique issue ID you have specified. | get_issue_by_id Investigation |
| Get Issue Summary | Retrieves the statistics related to security issues discovered in the most recent EASM scan. The response includes a count of the total discovered issues, along with the severity-wise count. | get_issue_summary Investigation |
| Get Archived Issues | Retrieves a list of security issues that have been marked as either Risk Accepted or False Positive based on the asset you have specified. | get_archived_issues Investigation |
| Get Archived Assets | Retrieves a list of assets that have been marked as either Risk Accepted or False Positive. | get_archived_assets Investigation |
| Get Asset ASNs | Retrieves a list of Autonomous System Numbers (ASNs) discovered in the latest EASM scan based on the asset you have specified. | get_asset_asns Investigation |
| Get ASNs by Asset ID | Retrieves details about a specific Autonomous System Number(ASN) based on the asset ID you have specified. | get_asns_by_asset_id Investigation |
| Get Domains | Retrieves a list of domains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_domains Investigation |
| Get Domain by Asset ID | Retrieves domain details based on the asset ID you have specified. | get_domain_by_asset_id Investigation |
| Get IPs | Retrieves a list of IP addresses discovered in the latest EASM scan based on the filter criteria like ports, country codes, and assets you have specified. | get_ips Investigation |
| Get IP by Asset ID | Retrieves IP address details based on the asset ID you have specified. | get_ips_by_asset_id Investigation |
| Get Prefixes | Retrieves a list of IP prefixes discovered in the latest EASM scan based on the filter criteria, like ASN and assets you have specified. | get_prefixes Investigation |
| Get Prefixes by Asset ID | Retrieves details about a specific IP prefix based on the asset ID you have specified. | get_prefixes_by_asset_id Investigation |
| Get Subdomains | Retrieves a list of subdomains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_subdomains Investigation |
| Get Subdomain by Asset ID | Retrieves subdomain details based on the asset ID you have specified. | get_subdomain_by_asset_id Investigation |
| Get Asset Statistics | Retrieves the statistics related to assets discovered in the most recent EASM scan. The response includes a count of the total discovered and online assets. | get_asset_statistics Investigation |
| Get Breaches | Retrieves a list of credential breaches related to the organization ID based on the keyword to search and other details you have specified. | get_breaches Investigation |
| Get Breaches by ID | Retrieves details about a specific credential breach based on the breach ID you have specified. | get_breaches_by_id Investigation |
| Generate Report | Initiates the report generation for the latest EASM scan. | generate_report Investigation |
| Get Report | Checks the status of the generated EASM report based on the report ID you have specified. The response contains the S3 URL of the report to download if generated. | get_report Investigation |
| Get Exposed Services | Retrieves a list of exposed services in the latest EASM scan based on the filter criteria like asset, ports, services, and products etc. | get_exposed_services Investigation |
| Get Cloud Integrations | Retrieves a list of cloud integrations based on the filter criteria like provider, connection_status. | get_cloud_integrations Investigation |
| Get FortiGate Integrations | Retrieves a list of FortiGate integrations based on the input parameters specified. | get_fgt_integrations Investigation |
| Get Security Insights | Retrieves the security insights on DNS configurations for the given domain. | get_security_insights Investigation |
| Get Archived Issue Comments | Retrieves a list of comments for the given archived issue ID. | get_archived_issue_comments Investigation |
| Get Issue Comments | Retrieves a list of comments for the given issue ID. | get_issue_comments Investigation |
| Get Tags | Retrieves a list of tags based on scope, name, and other parameters specified. | get_tags Investigation |
| Get Tag Details | Retrieves specific tag details based on the tag ID specified. | get_tag_by_id Investigation |
| Get Groups | Retrieves a list of groups based on scope, name, and other parameters specified. | get_groups Investigation |
| Get Group Details | Retrieves a specific group's details based on the group ID specified. | get_group_by_id Investigation |
| Update Archived Asset | Updates a specific asset's status to Active based on the asset ID specified. This action removes the specified asset from archived assets; however, its linked assets remain in the archive. The asset will be shown immediately in the profile settings seed section. However, the asset gets scanned again within 24 hours and will then be shown in active assets. If any issues are found during the scan, they are shown on the issues page. |
update_archived_asset Investigation |
| Mark Archived Issue as Active | Updates the status of a specific archived security issue record to Active based on the issue ID specified. | update_archived_issue Investigation |
| Update Issue Status | Updates the status of a specific security issue record based on the security issue ID specified. If the specified issue status is updated to false_positive or risk_accepted, it will appear in the archived issues. |
update_issue_status Investigation |
| Update ASN Asset To False Positive | Marks a specific ASN asset as a false positive based on the asset ID specified. This action also marks the specified ASN asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified ASN asset will be removed. |
update_asn_asset_status_to_false_positive Investigation |
| Update IP Prefix Asset To False Positive | Marks a specific IP Prefix asset as a false positive based on the asset ID specified. This action also marks the specified IP Prefix asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified IP Prefix asset are also removed. |
update_prefix_asset_status_to_false_positive Investigation |
| Update IP Asset To False Positive | Marks a specific IP asset as a false positive based on the asset ID specified. This action also marks the specified IP asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified IP asset are also removed. |
update_ip_asset_status_to_false_positive Investigation |
| Update Domain Asset To False Positive | Marks a specific domain asset as a false positive based on the asset ID specified. This action also marks the specified domain asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified domain asset are also removed. |
update_domain_asset_status_to_false_positive Investigation |
| Update Sub-Domain Asset To False Positive | Marks a specific subdomain asset as a false positive based on the asset ID specified. This action also marks the specified subdomain asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified subdomain asset are also removed. |
update_subdomain_asset_status_to_false_positive Investigation |
| Update Leaked Credential Status | Updates the status of a specific leaked credential record to Active or Resolved, based on the leaked credential ID specified. | update_leaked_credential_status Investigation |
| Parameter | Description |
|---|---|
| Keyword | (Optional) Specify the text to search in the email address and the breach name. Specified keywords are searched in these fields: email, breach name, and domain. For example, if you specify user@example.com, the response filters out results and fetches credentials exposed for user@example.com. |
| Breach ID | (Optional) Specify the breach ID to filter the leaked credentials received. |
| Email ID | (Optional) Specify the email ID to filter the leaked credentials retrieved. |
| Domain | (Optional) Specify the domain to filter the leaked credentials retrieved. |
| Status | (Optional) Specify the status to filter the leaked credentials retrieved. |
| Has Password | (Optional) Specify whether to filter the leaked credential list based on whether the credentials contain passwords. |
| Show Plaintext Password | (Optional) Select to show password in plaintext in the response. |
| Start Date | (Optional) Specify the start date to filter the credential leak discovery date. The default is set as the last 6 months. |
| End Date | (Optional) Specify the end date to filter the credential leak discovery date. The default is the current day's date. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"email": "",
"domain": "",
"status": "",
"added_on": "",
"breach_id": "",
"breach_date": "",
"breach_name": "",
"has_password": "",
"plaintext_passwords": []
}
]
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
The output contains the following populated JSON schema:
{
"current_scan": {
"assets": {
"disappeared": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"live": "",
"newly_discovered": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"total": ""
},
"completed_ts": ""
},
"previous_scan": {
"assets": {
"live": "",
"total": ""
},
"completed_ts": ""
}
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the results. You can choose from the following options:
|
| Severity | (Optional) Select the severity to filter the results. You can choose from the following options:
|
| NVD Severity | (Optional) Select the NVD severity to filter the results. You can choose from the following options:
|
| Recon Severity | (Optional) Select the Recon severity to filter the results. You can choose from the following options:
|
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have any of the specified countries. For example: IN,US |
| Bucket ID | (Optional) Specify the bucket IDs to filter the results. You can choose from the following options:
|
| Issue Name Identifier | (Optional) Specify the issue name identifiers to filter the results, as comma-separated values. For example: ip_blacklist,cve_2019_1234 |
| Asset Type | (Optional) Select the asset type to filter the discovered issues. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the results. For example: test.example.com |
| Search Type | (Optional) Specify the search type to filter the retrieved issues.
NOTE: Use the Asset parameter, along with this parameter, to search. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"asset": "",
"asset_type": "",
"country": "",
"severity": "",
"nvd_severity": "",
"recon_severity": "",
"port": "",
"bucket": "",
"status": "",
"user_name": "",
"issue_name_identifier": "",
"bucket_id": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the issue ID to get details about that specific security issue. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"email": "",
"domain": "",
"status": "",
"added_on": "",
"breach_id": "",
"breach_date": "",
"breach_name": "",
"has_password": "",
"plaintext_passwords": []
}
]
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"port": "",
"status": "",
"tags": [
{
"id": "",
"name": ""
}
],
"created_ts": "",
"modified_ts": "",
"user_name": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the retrieved archived issues. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the retrieved archived issues. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived issues. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_action": "",
"user_name": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| User Action | (Optional) Select the user action based on which to filter the fetched archived assets. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the archived assets. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived assets. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_action": "",
"user_name": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Search Type | (Optional) Specify the search type to filter the results.
NOTE: Use the Asset parameter to search along with this parameter. |
| Asset | (Optional) Specify the asset to filter the results. For example: AS0000. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch assets discovered via FortiGate integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"created_ts": "",
"modified_ts": "",
"tags": [
{
"id": "",
"name": ""
}
]
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the ASN details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"created_ts": "",
"modified_ts": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter retrieved domains. Specify the ports as comma-separated values to get only those results that have all of the specified ports. For example 8080,443 |
| Technologies | (Optional) Specify the ports to filter retrieved domains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap |
| Asset | (Optional) Specify the asset to filter retrieved domains. |
| Search Type | (Optional) Specify the search type to filter retrieved domains.
NOTE: Use the Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch domains discovered via FortiGate integrations. You can choose from the following options:
|
| Is Live | (Optional) Select whether to fetch domains that are live. You can choose from the following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch domains discovered via Cloud integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"assets_linked_count": "",
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"confidence": "",
"domain_expiry": "",
"fgt_metadata": {
"virtual_ip": [
{
"name": "",
"protocol": "",
"mapped_ip": "",
"mapped_ports": "",
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": ""
}
],
"interface_id": "",
"integration_id": "",
"interface_name": "",
"integration_type": "",
"customer_integration_name": ""
},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_address": "",
"nameserver": [],
"original_ip": [],
"ports": [],
"ssl_cert_org": "",
"tags": [
{
"id": "",
"name": ""
}
],
"technologies": [],
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve its associated domain details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"created_ts": "",
"modified_ts": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved IP addresses. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Asset | (Optional) Specify the asset to filter the retrieved IP addresses. |
| Search Type | (Optional) Select the search type to filter the retrieved IPs. You can choose from the following options:
NOTE: Use the Asset parameter to search along with this parameter. |
| IP Prefix | (Optional) Specify an IP address prefix to filter the retrieved IP addresses. |
| Version | (Optional) Select the IP version by which to retrieve records. You can choose from the following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from the following options:
|
| Is Live | (Optional) Select whether to fetch IP addresses that are live. You can choose from the following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch IP addresses discovered via Cloud integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"discovery_path": [],
"assets_linked_count": "",
"version": "",
"created_ts": "",
"modified_ts": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP address details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"created_ts": "",
"modified_ts": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved IP address prefix. For example: 185.161.83.0/24. |
| Search Type | (Optional) Specify the search type to filter the retrieved prefixes.
NOTE: Use the Asset parameter to search along with this parameter. |
| ASN | (Optional) Specify the ASN to filter the retrieved IP address prefixes. For example: AS207180 |
| Version | (Optional) Select the IP version by which to filter retrieved records. You can choose from the following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asn_number": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_count": "",
"live_ip_count": "",
"tags": [
{
"id": "",
"name": ""
}
],
"version": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP prefix details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asn_number": "",
"asset": "",
"company_name": "",
"ip_count": "",
"assets_linked_count": "",
"version": "",
"live_ip_count": "",
"fgt_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"created_ts": "",
"modified_ts": ""
}
Output schema when you choose Linked Assets as true:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"groups": [
{
"id": "",
"name": ""
}
],
"version": "",
"ip_count": "",
"asn_number": "",
"company_name": "",
"fgt_metadata": {},
"assets_linked": [],
"live_ip_count": "",
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"assets_linked_count": "",
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved subdomains. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Technologies | (Optional) Specify the technology discovered on the subdomain to filter the retrieved subdomains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Domain | (Optional) Specify a domain to filter the retrieved subdomains. |
| Asset | (Optional) Specify the asset to filter the retrieved subdomains. |
| Search Type | (Optional) Specify the search type to filter the retrieved subdomains.
NOTE: Use Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch subdomains discovered via FortiGate integrations. You can choose from the following options:
|
| Is Live | (Optional) Select whether to fetch subdomains that are live. You can choose from the following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch subdomains discovered via Cloud integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"fgt_metadata": {},
"technologies": [],
"discovery_path": [],
"cloud_metadata": {},
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the subdomain details. |
The output contains the following populated JSON schema:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"issue_count": "",
"fgt_metadata": {},
"technologies": [],
"cloud_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the asset statistics. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Technologies | (Optional) Specify the technologies to filter the asset statistics. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"org_name": "",
"asn_count": "",
"ip_prefix_count": "",
"live_domain_count": "",
"total_domain_count": "",
"billable_assets_count": "",
"live_ip_address_count": "",
"live_sub_domain_count": "",
"total_ip_address_count": "",
"total_sub_domain_count": ""
}
| Parameter | Description |
|---|---|
| Breach Name | (Optional) Specify the breach name to retrieve specific breach details. For example: test-org. The response filters out results and fetches credentials exposed for test-org. |
| Keyword | (Optional) Specify the text to search in the breach name, details, and list of compromised data. For example:test-org. The response filters out results and fetches credentials exposed for test-org. |
| Has Password | (Optional) Select to filter the leaked credential list based on whether the credentials contain passwords. |
| Is Relevant | (Optional) Select to filter the leaked credential list related to an organization. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"affected_domains": "",
"compromised_data": "",
"compromised_accounts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Breach ID | Specify the breach ID to retrieve the breach details. |
The output contains the following populated JSON schema:
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"compromised_data": "",
"compromised_accounts": ""
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
The output contains the following populated JSON schema:
{
"report_id": ""
}
| Parameter | Description |
|---|---|
| Report ID | Specify the report ID to retrieve the report details. |
| Get Report Link | (Optional) Select the checkbox to get an S3 link to a report file. Clear the checkbox to retrieve file data. By default, this checkbox is cleared, i.e., set to false. |
The output contains the following populated JSON schema:
The output schema when you choose *Get Report Link* as `true`:
{
"report_url": ""
}
The output schema when you choose *Get Report Link* as `false`:
{
"asn": [],
"domain": [
{
"tags": "",
"asset": "",
"groups": "",
"ip_address": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"discovery_path": "",
"subdomain_count": ""
}
],
"issues": [
{
"port": "",
"tags": "",
"asset": "",
"groups": "",
"severity": "",
"issue_name": "",
"issue_status": "",
"linked_assets": "",
"issue_category": "",
"recommendations": "",
"additional_details": ""
}
],
"ip_block": [],
"ip_address": [
{
"tags": "",
"asset": "",
"groups": "",
"country": "",
"open_ports": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"sub_domain": [
{
"tags": "",
"asset": "",
"groups": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"organization": [],
"disappeared_assets": [
{
"asset": "",
"asset_type": ""
}
],
"newly_discovered_assets": [
{
"asset": "",
"asset_type": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved exposed services.
NOTE: The only supported asset types are the IP address, domain, and subdomain. |
| Ports | (Optional) Specify the ports to filter the retrieved exposed services. Specify the ports as comma-separated values to get only results with ALL the specified ports. For example: 8080,443. |
| Services | (Optional) Specify the services to filter the retrieved exposed services. Specify the services as comma-separated values to get only those results that have ANY of the specified services. For example: http,https. |
| Products | (Optional) Specify the products to filter the retrieved exposed services. Specify a comma-separated string or a single string. For example: nginx, Jetty. |
| Services Banner | (Optional) Specify the keywords in the service banner to filter the retrieved exposed services.
NOTE: Do not use |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Has SSL | (Optional) Select whether to fetch assets that have SSL. You can choose from the following options:
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"cpe": [],
"domains": [],
"ip_address": "",
"os": "",
"port": "",
"product": "",
"service": "",
"service_banner": "",
"ssl": {},
"subdomains": [],
"version": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Provider | (Optional) Specify the provider to filter the retrieved cloud integrations. |
| Connection Status | (Optional) Select the connection status to filter the retrieved cloud integrations. You can choose from the following options:
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"name": "",
"provider": "",
"account_id": "",
"policy_errors": [],
"connection_status": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Connection Status | (Optional) Select the connection status to filter the retrieved FortiGate integrations. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"host": "",
"name": "",
"port": "",
"is_ssl": "",
"verify_ssl": "",
"policy_errors": [],
"connection_status": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Domain | Specify the domain for which you want security insights to be retrieved. |
The output contains the following populated JSON schema:
{
"authoritative": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"parent": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"soa": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
]
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select the comment type that is to be retrieved for the specified issue. You can choose from User or System |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select the comment type that is to be retrieved for the specified issue. You can choose from User or System |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Select the scope for which you want to retrieve the tags. You can choose from the following options:
|
| Name | (Optional) Specify the name of tag to retrieve. Names are matched partially. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Tag ID | Specify the ID of the tag that is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as true:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Specify the scope for which you want to retrieve the groups. You can choose from System, Client |
| Group Name | (Optional) Specify the name of the group that you want to retrieve. Names are matched partially. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the group that is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
Output schema when you choose Linked Asset as true:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets": [],
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the archived asset you want to update to Active. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the archived issue you want to update to Active. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the security issue you want to update. |
| Status | Select the status to which you want to update the specified security issue. You can choose from the following options: ACTIVE, RESOLVED, FALSE_POSITIVE, or RISK_ACCEPTED. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the ASN asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the IP Prefix asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the IP asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the domain asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the subdomain asset you want to update to False Positive. Note: This operation is not allowed on the same asset_id. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Leaked Credential ID | Specify the ID of the leaked credential you want to update. |
| Status | Select the status to which you want to update the specified leaked credential. You can choose either ACTIVE or RESOLVED. |
The output contains the following populated JSON schema:
{
"message": ""
}
The Sample - Fortinet FortiRecon EASM - 1.2.1 playbook collection comes bundled with the Fortinet FortiRecon EASM connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiRecon EASM connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and deletion.
FortiRecon is a Digital Risk Protection Service (DRPS) product that provides an outside-the-network view of the risks posed to your enterprise.
This document provides information about the Fortinet FortiRecon EASM Connector, which facilitates automated interactions with a Fortinet FortiRecon EASM server using FortiSOARâ„¢ playbooks. Add the Fortinet FortiRecon EASM Connector as a step in FortiSOARâ„¢ playbooks and perform automated operations with Fortinet FortiRecon EASM.
Connector Version: 1.2.1
FortiSOARâ„¢ Version Tested on: 7.6.4-5623
Fortinet FortiRecon EASM Version Tested on: Version: v25.4.a
Authored By: Fortinet
Contributor: Ramkrushna Pathade
Certified: Yes
The following enhancements have been made to the Fortinet FortiRecon EASM Connector in version 1.2.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command to install connectors from an SSH session:
sudo yum install cyops-connector-fortinet-fortirecon-easm
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Fortinet FortiRecon EASM connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab, enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Server name or IP address to which you will connect and perform the automated operations. |
| API Key | API key to access the endpoint server to which you connect and perform the automated operations. |
| Organization ID | The organization ID on which FortiRecon operations are to be performed. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Leaked Credentials | Retrieves a list of leaked credentials related to the organization ID based on the keyword to search, breach ID, and date-time range you have specified. | get_leaked_credentials Investigation |
| Get Scan Statistics | Retrieves statistics related to the EASM scan related to the organization ID specified in the configuration parameters. The response includes a count of the total, online, and newly discovered assets for the current and previous scans. | get_scan_statistics Investigation |
| Get Issues Discovered | Retrieves a list of security issues related to assets discovered in the most recent EASM scan based on the filter criteria like issue status, severity, and the country codes (US, IN) you have specified. |
get_issues_discovered Investigation |
| Get Issue By ID | Retrieves details about a specific security issue based on the unique issue ID you have specified. | get_issue_by_id Investigation |
| Get Issue Summary | Retrieves the statistics related to security issues discovered in the most recent EASM scan. The response includes a count of the total discovered issues, along with the severity-wise count. | get_issue_summary Investigation |
| Get Archived Issues | Retrieves a list of security issues that have been marked as either Risk Accepted or False Positive based on the asset you have specified. | get_archived_issues Investigation |
| Get Archived Assets | Retrieves a list of assets that have been marked as either Risk Accepted or False Positive. | get_archived_assets Investigation |
| Get Asset ASNs | Retrieves a list of Autonomous System Numbers (ASNs) discovered in the latest EASM scan based on the asset you have specified. | get_asset_asns Investigation |
| Get ASNs by Asset ID | Retrieves details about a specific Autonomous System Number(ASN) based on the asset ID you have specified. | get_asns_by_asset_id Investigation |
| Get Domains | Retrieves a list of domains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_domains Investigation |
| Get Domain by Asset ID | Retrieves domain details based on the asset ID you have specified. | get_domain_by_asset_id Investigation |
| Get IPs | Retrieves a list of IP addresses discovered in the latest EASM scan based on the filter criteria like ports, country codes, and assets you have specified. | get_ips Investigation |
| Get IP by Asset ID | Retrieves IP address details based on the asset ID you have specified. | get_ips_by_asset_id Investigation |
| Get Prefixes | Retrieves a list of IP prefixes discovered in the latest EASM scan based on the filter criteria, like ASN and assets you have specified. | get_prefixes Investigation |
| Get Prefixes by Asset ID | Retrieves details about a specific IP prefix based on the asset ID you have specified. | get_prefixes_by_asset_id Investigation |
| Get Subdomains | Retrieves a list of subdomains discovered in the latest EASM scan based on the filter criteria like ports, technologies, and assets you have specified. | get_subdomains Investigation |
| Get Subdomain by Asset ID | Retrieves subdomain details based on the asset ID you have specified. | get_subdomain_by_asset_id Investigation |
| Get Asset Statistics | Retrieves the statistics related to assets discovered in the most recent EASM scan. The response includes a count of the total discovered and online assets. | get_asset_statistics Investigation |
| Get Breaches | Retrieves a list of credential breaches related to the organization ID based on the keyword to search and other details you have specified. | get_breaches Investigation |
| Get Breaches by ID | Retrieves details about a specific credential breach based on the breach ID you have specified. | get_breaches_by_id Investigation |
| Generate Report | Initiates the report generation for the latest EASM scan. | generate_report Investigation |
| Get Report | Checks the status of the generated EASM report based on the report ID you have specified. The response contains the S3 URL of the report to download if generated. | get_report Investigation |
| Get Exposed Services | Retrieves a list of exposed services in the latest EASM scan based on the filter criteria like asset, ports, services, and products etc. | get_exposed_services Investigation |
| Get Cloud Integrations | Retrieves a list of cloud integrations based on the filter criteria like provider, connection_status. | get_cloud_integrations Investigation |
| Get FortiGate Integrations | Retrieves a list of FortiGate integrations based on the input parameters specified. | get_fgt_integrations Investigation |
| Get Security Insights | Retrieves the security insights on DNS configurations for the given domain. | get_security_insights Investigation |
| Get Archived Issue Comments | Retrieves a list of comments for the given archived issue ID. | get_archived_issue_comments Investigation |
| Get Issue Comments | Retrieves a list of comments for the given issue ID. | get_issue_comments Investigation |
| Get Tags | Retrieves a list of tags based on scope, name, and other parameters specified. | get_tags Investigation |
| Get Tag Details | Retrieves specific tag details based on the tag ID specified. | get_tag_by_id Investigation |
| Get Groups | Retrieves a list of groups based on scope, name, and other parameters specified. | get_groups Investigation |
| Get Group Details | Retrieves a specific group's details based on the group ID specified. | get_group_by_id Investigation |
| Update Archived Asset | Updates a specific asset's status to Active based on the asset ID specified. This action removes the specified asset from archived assets; however, its linked assets remain in the archive. The asset will be shown immediately in the profile settings seed section. However, the asset gets scanned again within 24 hours and will then be shown in active assets. If any issues are found during the scan, they are shown on the issues page. |
update_archived_asset Investigation |
| Mark Archived Issue as Active | Updates the status of a specific archived security issue record to Active based on the issue ID specified. | update_archived_issue Investigation |
| Update Issue Status | Updates the status of a specific security issue record based on the security issue ID specified. If the specified issue status is updated to false_positive or risk_accepted, it will appear in the archived issues. |
update_issue_status Investigation |
| Update ASN Asset To False Positive | Marks a specific ASN asset as a false positive based on the asset ID specified. This action also marks the specified ASN asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified ASN asset will be removed. |
update_asn_asset_status_to_false_positive Investigation |
| Update IP Prefix Asset To False Positive | Marks a specific IP Prefix asset as a false positive based on the asset ID specified. This action also marks the specified IP Prefix asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified IP Prefix asset are also removed. |
update_prefix_asset_status_to_false_positive Investigation |
| Update IP Asset To False Positive | Marks a specific IP asset as a false positive based on the asset ID specified. This action also marks the specified IP asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified IP asset are also removed. |
update_ip_asset_status_to_false_positive Investigation |
| Update Domain Asset To False Positive | Marks a specific domain asset as a false positive based on the asset ID specified. This action also marks the specified domain asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified domain asset are also removed. |
update_domain_asset_status_to_false_positive Investigation |
| Update Sub-Domain Asset To False Positive | Marks a specific subdomain asset as a false positive based on the asset ID specified. This action also marks the specified subdomain asset's linked assets as false positives. Once marked, these assets will appear in the archived assets. All issues associated with the specified subdomain asset are also removed. |
update_subdomain_asset_status_to_false_positive Investigation |
| Update Leaked Credential Status | Updates the status of a specific leaked credential record to Active or Resolved, based on the leaked credential ID specified. | update_leaked_credential_status Investigation |
| Parameter | Description |
|---|---|
| Keyword | (Optional) Specify the text to search in the email address and the breach name. Specified keywords are searched in these fields: email, breach name, and domain. For example, if you specify user@example.com, the response filters out results and fetches credentials exposed for user@example.com. |
| Breach ID | (Optional) Specify the breach ID to filter the leaked credentials received. |
| Email ID | (Optional) Specify the email ID to filter the leaked credentials retrieved. |
| Domain | (Optional) Specify the domain to filter the leaked credentials retrieved. |
| Status | (Optional) Specify the status to filter the leaked credentials retrieved. |
| Has Password | (Optional) Specify whether to filter the leaked credential list based on whether the credentials contain passwords. |
| Show Plaintext Password | (Optional) Select to show password in plaintext in the response. |
| Start Date | (Optional) Specify the start date to filter the credential leak discovery date. The default is set as the last 6 months. |
| End Date | (Optional) Specify the end date to filter the credential leak discovery date. The default is the current day's date. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"email": "",
"domain": "",
"status": "",
"added_on": "",
"breach_id": "",
"breach_date": "",
"breach_name": "",
"has_password": "",
"plaintext_passwords": []
}
]
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
The output contains the following populated JSON schema:
{
"current_scan": {
"assets": {
"disappeared": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"live": "",
"newly_discovered": {
"asn": "",
"domain": "",
"ip_address": "",
"ip_block": "",
"sub_domain": ""
},
"total": ""
},
"completed_ts": ""
},
"previous_scan": {
"assets": {
"live": "",
"total": ""
},
"completed_ts": ""
}
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the results. You can choose from the following options:
|
| Severity | (Optional) Select the severity to filter the results. You can choose from the following options:
|
| NVD Severity | (Optional) Select the NVD severity to filter the results. You can choose from the following options:
|
| Recon Severity | (Optional) Select the Recon severity to filter the results. You can choose from the following options:
|
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have any of the specified countries. For example: IN,US |
| Bucket ID | (Optional) Specify the bucket IDs to filter the results. You can choose from the following options:
|
| Issue Name Identifier | (Optional) Specify the issue name identifiers to filter the results, as comma-separated values. For example: ip_blacklist,cve_2019_1234 |
| Asset Type | (Optional) Select the asset type to filter the discovered issues. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the results. For example: test.example.com |
| Search Type | (Optional) Specify the search type to filter the retrieved issues.
NOTE: Use the Asset parameter, along with this parameter, to search. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"asset": "",
"asset_type": "",
"country": "",
"severity": "",
"nvd_severity": "",
"recon_severity": "",
"port": "",
"bucket": "",
"status": "",
"user_name": "",
"issue_name_identifier": "",
"bucket_id": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the issue ID to get details about that specific security issue. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"email": "",
"domain": "",
"status": "",
"added_on": "",
"breach_id": "",
"breach_date": "",
"breach_name": "",
"has_password": "",
"plaintext_passwords": []
}
]
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"issue_name": "",
"port": "",
"status": "",
"tags": [
{
"id": "",
"name": ""
}
],
"created_ts": "",
"modified_ts": "",
"user_name": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Status | (Optional) Select the status to filter the retrieved archived issues. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the retrieved archived issues. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived issues. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_action": "",
"user_name": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| User Action | (Optional) Select the user action based on which to filter the fetched archived assets. You can choose from the following options:
|
| Asset Type | (Optional) Select the asset type to filter the archived assets. You can choose from the following options:
|
| Asset | (Optional) Specify the asset to filter the retrieved archived assets. For example: asset.example.com |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"asset_type": "",
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"user_action": "",
"user_name": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Search Type | (Optional) Specify the search type to filter the results.
NOTE: Use the Asset parameter to search along with this parameter. |
| Asset | (Optional) Specify the asset to filter the results. For example: AS0000. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch assets discovered via FortiGate integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"created_ts": "",
"modified_ts": "",
"tags": [
{
"id": "",
"name": ""
}
]
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the ASN details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"created_ts": "",
"modified_ts": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"groups": [
{
"id": "",
"name": ""
}
],
"tags": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter retrieved domains. Specify the ports as comma-separated values to get only those results that have all of the specified ports. For example 8080,443 |
| Technologies | (Optional) Specify the ports to filter retrieved domains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap |
| Asset | (Optional) Specify the asset to filter retrieved domains. |
| Search Type | (Optional) Specify the search type to filter retrieved domains.
NOTE: Use the Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch domains discovered via FortiGate integrations. You can choose from the following options:
|
| Is Live | (Optional) Select whether to fetch domains that are live. You can choose from the following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch domains discovered via Cloud integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asset": "",
"assets_linked_count": "",
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"confidence": "",
"domain_expiry": "",
"fgt_metadata": {
"virtual_ip": [
{
"name": "",
"protocol": "",
"mapped_ip": "",
"mapped_ports": "",
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": ""
}
],
"interface_id": "",
"integration_id": "",
"interface_name": "",
"integration_type": "",
"customer_integration_name": ""
},
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_address": "",
"nameserver": [],
"original_ip": [],
"ports": [],
"ssl_cert_org": "",
"tags": [
{
"id": "",
"name": ""
}
],
"technologies": [],
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve its associated domain details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"created_ts": "",
"modified_ts": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asset": "",
"ports": [],
"ssl_cert_org": "",
"ip_address": "",
"technologies": [],
"confidence": "",
"domain_expiry": "",
"nameserver": [],
"original_ip": [],
"cloud_metadata": {
"region": "",
"resource_id": "",
"resource_name": "",
"resource_type": "",
"cloud_provider": "",
"resource_group": "",
"customer_integration_name": ""
},
"fgt_metadata": {
"customer_integration_name": "",
"integration_id": "",
"integration_type": "",
"interface_id": "",
"interface_name": "",
"virtual_ip": [
{
"external_ports": "",
"mapped_device_mac": "",
"mapped_device_os_name": "",
"mapped_ip": "",
"mapped_ports": "",
"name": "",
"protocol": ""
}
]
},
"assets_linked_count": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved IP addresses. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Asset | (Optional) Specify the asset to filter the retrieved IP addresses. |
| Search Type | (Optional) Select the search type to filter the retrieved IPs. You can choose from the following options:
NOTE: Use the Asset parameter to search along with this parameter. |
| IP Prefix | (Optional) Specify an IP address prefix to filter the retrieved IP addresses. |
| Version | (Optional) Select the IP version by which to retrieve records. You can choose from the following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from the following options:
|
| Is Live | (Optional) Select whether to fetch IP addresses that are live. You can choose from the following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch IP addresses discovered via Cloud integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"total": "",
"page": "",
"size": "",
"hits": [
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"discovery_path": [],
"assets_linked_count": "",
"version": "",
"created_ts": "",
"modified_ts": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP address details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"created_ts": "",
"modified_ts": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
]
}
Output schema when you choose Linked Assets as true:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_prefix": "",
"asset": "",
"ports": [],
"cloud_metadata": {},
"fgt_metadata": {},
"assets_linked_count": "",
"version": "",
"issue_count": "",
"discovery_path": [
{
"source": "",
"module": "",
"name": "",
"target": "",
"data_type": ""
}
],
"assets_linked": []
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved IP address prefix. For example: 185.161.83.0/24. |
| Search Type | (Optional) Specify the search type to filter the retrieved prefixes.
NOTE: Use the Asset parameter to search along with this parameter. |
| ASN | (Optional) Specify the ASN to filter the retrieved IP address prefixes. For example: AS207180 |
| Version | (Optional) Select the IP version by which to filter retrieved records. You can choose from the following options:
|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch IP addresses discovered via FortiGate integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"asn_number": "",
"asset": "",
"assets_linked_count": "",
"company_name": "",
"fgt_metadata": {},
"discovery_path": [],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"ip_count": "",
"live_ip_count": "",
"tags": [
{
"id": "",
"name": ""
}
],
"version": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the IP prefix details. |
| Linked Assets | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to false. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Assets as false:
{
"tags": [
{
"id": "",
"name": ""
}
],
"groups": [
{
"id": "",
"name": ""
}
],
"id": "",
"asn_number": "",
"asset": "",
"company_name": "",
"ip_count": "",
"assets_linked_count": "",
"version": "",
"live_ip_count": "",
"fgt_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"created_ts": "",
"modified_ts": ""
}
Output schema when you choose Linked Assets as true:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"groups": [
{
"id": "",
"name": ""
}
],
"version": "",
"ip_count": "",
"asn_number": "",
"company_name": "",
"fgt_metadata": {},
"assets_linked": [],
"live_ip_count": "",
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"assets_linked_count": "",
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the retrieved subdomains. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Technologies | (Optional) Specify the technology discovered on the subdomain to filter the retrieved subdomains. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Domain | (Optional) Specify a domain to filter the retrieved subdomains. |
| Asset | (Optional) Specify the asset to filter the retrieved subdomains. |
| Search Type | (Optional) Specify the search type to filter the retrieved subdomains.
NOTE: Use Asset parameter to search along with this parameter. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Discovered By FortiGate Integration | (Optional) Select whether to fetch subdomains discovered via FortiGate integrations. You can choose from the following options:
|
| Is Live | (Optional) Select whether to fetch subdomains that are live. You can choose from the following options:
|
| Discovered By Cloud Integration | (Optional) Select whether to fetch subdomains discovered via Cloud integrations. You can choose from the following options:
|
| Cloud Metadata | (Optional) Specify the cloud metadata in JSON format to filter the results. Available fields are: integration_id, cloud_provider, account_id, resource_id, resource_group, resource_name, resource_type, region, and subscription_id. For example:
{
"cloud_provider": [
"azure"
],
"region": [
"westus2"
],
"integration_id": [
"777408f550e5rrdd1hjf3w90"
],
"resource_name": [
"TestAssetsPublic"
]
}
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"fgt_metadata": {},
"technologies": [],
"discovery_path": [],
"cloud_metadata": {},
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the asset ID to retrieve the subdomain details. |
The output contains the following populated JSON schema:
{
"id": "",
"tags": [
{
"id": "",
"name": ""
}
],
"asset": "",
"ports": [],
"groups": [],
"ip_address": "",
"domain_name": "",
"issue_count": "",
"fgt_metadata": {},
"technologies": [],
"cloud_metadata": {},
"discovery_path": [
{
"name": "",
"module": "",
"source": "",
"target": "",
"data_type": ""
}
],
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Ports | (Optional) Specify the ports to filter the asset statistics. Specify the ports as comma-separated values to get only those results that have ALL of the specified ports. For example: 8080,443. |
| Countries | (Optional) Specify the country code to filter the discovered issues. Specify the countries as comma-separated values to get all those results that have ANY of the specified countries. For example: IN,US |
| Technologies | (Optional) Specify the technologies to filter the asset statistics. Specify a comma-separated string or a single string. For example MySQL,Bootstrap. |
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"org_name": "",
"asn_count": "",
"ip_prefix_count": "",
"live_domain_count": "",
"total_domain_count": "",
"billable_assets_count": "",
"live_ip_address_count": "",
"live_sub_domain_count": "",
"total_ip_address_count": "",
"total_sub_domain_count": ""
}
| Parameter | Description |
|---|---|
| Breach Name | (Optional) Specify the breach name to retrieve specific breach details. For example: test-org. The response filters out results and fetches credentials exposed for test-org. |
| Keyword | (Optional) Specify the text to search in the breach name, details, and list of compromised data. For example:test-org. The response filters out results and fetches credentials exposed for test-org. |
| Has Password | (Optional) Select to filter the leaked credential list based on whether the credentials contain passwords. |
| Is Relevant | (Optional) Select to filter the leaked credential list related to an organization. |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"affected_domains": "",
"compromised_data": "",
"compromised_accounts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Breach ID | Specify the breach ID to retrieve the breach details. |
The output contains the following populated JSON schema:
{
"id": "",
"date": "",
"name": "",
"details": "",
"added_on": "",
"has_password": "",
"compromised_data": "",
"compromised_accounts": ""
}
| Parameter | Description |
|---|---|
| Tags In (Match Any) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches any of the specified tags, operating as an OR filter. |
| Tags In (Match All) | (Optional) Specify the tag ID to filter retrieved results. You can specify multiple tag IDs as comma-separated values. It returns results if it matches all of the specified tags, operating as an AND filter. |
| Groups In (Match Any) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches any of the specified groups, operating as an OR filter. |
| Groups In (Match All) | (Optional) Specify the group ID to filter retrieved results. You can specify multiple group IDs as comma-separated values. It returns results if it matches all of the specified groups, operating as an AND filter. |
The output contains the following populated JSON schema:
{
"report_id": ""
}
| Parameter | Description |
|---|---|
| Report ID | Specify the report ID to retrieve the report details. |
| Get Report Link | (Optional) Select the checkbox to get an S3 link to a report file. Clear the checkbox to retrieve file data. By default, this checkbox is cleared, i.e., set to false. |
The output contains the following populated JSON schema:
The output schema when you choose *Get Report Link* as `true`:
{
"report_url": ""
}
The output schema when you choose *Get Report Link* as `false`:
{
"asn": [],
"domain": [
{
"tags": "",
"asset": "",
"groups": "",
"ip_address": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"discovery_path": "",
"subdomain_count": ""
}
],
"issues": [
{
"port": "",
"tags": "",
"asset": "",
"groups": "",
"severity": "",
"issue_name": "",
"issue_status": "",
"linked_assets": "",
"issue_category": "",
"recommendations": "",
"additional_details": ""
}
],
"ip_block": [],
"ip_address": [
{
"tags": "",
"asset": "",
"groups": "",
"country": "",
"open_ports": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"sub_domain": [
{
"tags": "",
"asset": "",
"groups": "",
"open_ports": "",
"technologies": "",
"total_issues": "",
"linked_assets": "",
"discovery_path": ""
}
],
"organization": [],
"disappeared_assets": [
{
"asset": "",
"asset_type": ""
}
],
"newly_discovered_assets": [
{
"asset": "",
"asset_type": ""
}
]
}
| Parameter | Description |
|---|---|
| Asset | (Optional) Specify the asset to filter the retrieved exposed services.
NOTE: The only supported asset types are the IP address, domain, and subdomain. |
| Ports | (Optional) Specify the ports to filter the retrieved exposed services. Specify the ports as comma-separated values to get only results with ALL the specified ports. For example: 8080,443. |
| Services | (Optional) Specify the services to filter the retrieved exposed services. Specify the services as comma-separated values to get only those results that have ANY of the specified services. For example: http,https. |
| Products | (Optional) Specify the products to filter the retrieved exposed services. Specify a comma-separated string or a single string. For example: nginx, Jetty. |
| Services Banner | (Optional) Specify the keywords in the service banner to filter the retrieved exposed services.
NOTE: Do not use |
| After Primary Scan | (Optional) Select whether to fetch results for items created before or after the primary scan. You can choose from the following options:
|
| Has SSL | (Optional) Select whether to fetch assets that have SSL. You can choose from the following options:
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"cpe": [],
"domains": [],
"ip_address": "",
"os": "",
"port": "",
"product": "",
"service": "",
"service_banner": "",
"ssl": {},
"subdomains": [],
"version": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Provider | (Optional) Specify the provider to filter the retrieved cloud integrations. |
| Connection Status | (Optional) Select the connection status to filter the retrieved cloud integrations. You can choose from the following options:
|
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"name": "",
"provider": "",
"account_id": "",
"policy_errors": [],
"connection_status": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Connection Status | (Optional) Select the connection status to filter the retrieved FortiGate integrations. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"host": "",
"name": "",
"port": "",
"is_ssl": "",
"verify_ssl": "",
"policy_errors": [],
"connection_status": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Domain | Specify the domain for which you want security insights to be retrieved. |
The output contains the following populated JSON schema:
{
"authoritative": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"parent": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
],
"soa": [
{
"comments": "",
"info": "",
"severity_on_fail": "",
"status": "",
"title": ""
}
]
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select the comment type that is to be retrieved for the specified issue. You can choose from User or System |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the issue whose comments are to be retrieved. |
| Comment Type | (Optional) Select the comment type that is to be retrieved for the specified issue. You can choose from User or System |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"text": "",
"user_name": "",
"comment_type": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Select the scope for which you want to retrieve the tags. You can choose from the following options:
|
| Name | (Optional) Specify the name of tag to retrieve. Names are matched partially. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Tag ID | Specify the ID of the tag that is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as true:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Scope | (Optional) Specify the scope for which you want to retrieve the groups. You can choose from System, Client |
| Group Name | (Optional) Specify the name of the group that you want to retrieve. Names are matched partially. |
| Created Time | (Optional) Specify the time range to filter results based on the created time. The following are the accepted formats:
For example: |
| Modified Time | (Optional) Specify the time range to filter results based on the modified time. The following are the accepted formats:
For example: |
| Page | (Optional) Specify the page number from which you want to retrieve records. By default, it is set to 1. |
| Size | (Optional) Specify the maximum number of records that this operation should return for the specified page. By default, this operation retrieves 10 records. Minimum permissible value is 0 and the maximum is 500. |
The output contains the following populated JSON schema:
{
"hits": [
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
],
"page": "",
"size": "",
"total": ""
}
| Parameter | Description |
|---|---|
| Group ID | Specify the ID of the group that is to be retrieved. |
| Linked Asset | (Optional) Select to retrieve linked assets. By default, it is unchecked and set to False. |
The output contains the following populated JSON schema:
Output schema when you choose Linked Asset as false:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
Output schema when you choose Linked Asset as true:
{
"id": "",
"name": "",
"scope": "",
"description": "",
"linked_assets": [],
"linked_assets_count": "",
"created_ts": "",
"modified_ts": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the archived asset you want to update to Active. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the archived issue you want to update to Active. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Issue ID | Specify the ID of the security issue you want to update. |
| Status | Select the status to which you want to update the specified security issue. You can choose from the following options: ACTIVE, RESOLVED, FALSE_POSITIVE, or RISK_ACCEPTED. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the ASN asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the IP Prefix asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the IP asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the domain asset you want to update to False Positive. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Asset ID | Specify the ID of the subdomain asset you want to update to False Positive. Note: This operation is not allowed on the same asset_id. |
The output contains the following populated JSON schema:
{
"message": ""
}
| Parameter | Description |
|---|---|
| Leaked Credential ID | Specify the ID of the leaked credential you want to update. |
| Status | Select the status to which you want to update the specified leaked credential. You can choose either ACTIVE or RESOLVED. |
The output contains the following populated JSON schema:
{
"message": ""
}
The Sample - Fortinet FortiRecon EASM - 1.2.1 playbook collection comes bundled with the Fortinet FortiRecon EASM connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiRecon EASM connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and deletion.