Fortinet black logo

Fortinet FortiCNP

Fortinet FortiCNP v2.0.0

2.0.0
Copy Link
Copy Doc ID 576e3bc5-866f-11ed-8e6d-fa163e15d75b:472

About the connector

Fortinet FortiCNP integrates with APIs provided by cloud vendors including AWS, Azure, and Google Cloud Platform to monitor and track all security components, including configurations, user activity, and traffic flow logs. This Connector automated operations such as retrieving the get alerts from Fortinet FortiCNP, etc.

This document provides information about the Fortinet FortiCNP Connector, which facilitates automated interactions, with a Fortinet FortiCNP server using FortiSOAR™ playbooks. Add the Fortinet FortiCNP Connector as a step in FortiSOAR™ playbooks and perform automated operations with Fortinet FortiCNP.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 7.3.0-2034 and later

Fortinet FortiCNP Version Tested on: 22.4.a

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

Following enhancements have been made to the Fortinet FortiCNP Connector in version 2.0.0:

  • The connector has now been renamed to FortiCNP from its earlier name FortiCWP.
  • Added the following new actions and playbooks
    • Get Resource List
    • Get Resource details
    • Get Finding List
  • Removed the following actions and playbooks
    • Get User Account Details
    • Get Alert
    • Get Alert Severities
    • Get Account Severity Level

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-fortinet-forticnp

Prerequisites to configuring the connector

  • You must have the URL of Fortinet FortiCNP server to which you connect and perform automated operations, and credentials to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Fortinet FortiCNP server.

Minimum Permissions Required

A user profile must have the following permission and resource groups:

  • Permission Group: Global Auditor Profile
  • Resource Group: Relevant resources assigned under resource group

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Fortinet FortiCNP connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL URL of the Fortinet FortiCNP API server to connect and perform automated operations.
API Key The FortiCNP credentials required to connect to FortiCNP server and perform automated operations. Follow this link to generate the credentials.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Resource Map Retrieves the user and account basic information from FortiCNP, including company name, user name, and company ID. get_resource_map
Investigation
Get Resource List Retrieve a complete list of cloud resource details based on filter JSON that you have specified. get_resource_list
Investigation
Get Resource Details Retrieve details of a specific cloud resource from Fortinet FortiCNP based on the Resource ID that you have specified. get_resource_details
Investigation
Get Finding List Get all the findings of a specific resource based on the resource ID and a custom date range that you have specified. get_finding_list
Investigation

operation: Get Resource Map

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"roleId": "",
"username": "",
"resourceURL": "",
"companyMapSet": [
{
"companyId": "",
"companyName": ""
}
]
}

operation: Get Resource List

Input parameters

Parameter Description
Filter JSON Specify the filter json that you want to retrieve from Fortinet FortiCNP. For example, [{"key": "GoogleCloud", "option": [{"key": "Compute Engine Instance" } ] } ] }
Offset (Optional) Specify the count of the first few records to skip while retrieving response from Fortinet FortiCNP.
Limit (Optional) Specify the maximum number of records that you want this operation to fetch from Fortinet FortiCNP.
Sort By Specify the sorting parameter from the following available options:
  • ID
  • Region
  • Resource Type
  • Risk Level
Sort Order Specify the sort order of the returned resource list. The order can either be ascending or descending.

Output

The output contains the following populated JSON schema:
{
"datas": [
{
"id": "",
"name": "",
"region": "",
"resourceId": "",
"category": "",
"resourceTagGroup": {
"select": "",
"key": "",
"option": [
{
"select": "",
"key": "",
"name": ""
}
]
},
"availableActions": [],
"account": {
"service": "",
"accountName": "",
"accountNumber": "",
"accountEmail": "",
"organizationDomain": "",
"status": ""
},
"lastScanTime": "",
"rriSupport": "",
"state": "",
"riskScore": "",
"vId": "",
"identity": ""
}
],
"totalPage": "",
"limit": "",
"skip": "",
"totalCount": ""
}

operation: Get Resource Details

Input parameters

Parameter Description
Resource ID Specify the ID of the resource whose details you want to retrieve from Fortinet FortiCNP. The resource ID can be obtained through FortiCNP INSIGHTS > Risk > Resource Detail page.

Output

The output contains the following populated JSON schema:
{
"creationTimestamp": "",
"type": "",
"machineType": "",
"status": "",
"zone": "",
"project": "",
"tags": {
"fingerprint": "",
"items": []
},
"firewalls": [
{
"type": "",
"resourceType": ""
}
],
"networkInterfaces": [
{
"kind": "",
"network": "",
"subnetwork": "",
"networkIP": "",
"name": "",
"accessConfigs": [
{
"kind": "",
"type": "",
"name": "",
"natIP": "",
"networkTier": ""
}
]
}
],
"name": "",
"resourceType": "",
"region": "",
"deleted": ""
}

operation: Get Finding List

Input parameters

Parameter Description
Resource ID Specify the ID of the resource whose details you want to retrieve from Fortinet FortiCNP. The resource ID can be obtained through FortiCNP INSIGHTS > Risk > Resource Detail page.
Start Time Specify the start date-time of filtered open alerts from when you want to retrieve data from Fortinet FortiCNP.
End Time Specify the end date-time of filtered open alerts till when you want to retrieve data from Fortinet FortiCNP.
Offset (Optional) Specify the count of the first few records to skip while retrieving response from Fortinet FortiCNP.
Limit (Optional) Specify the maximum number of records that you want this operation to fetch from Fortinet FortiCNP

Output

The output contains the following populated JSON schema:
{
"data": [
{
"buId": "",
"companyId": "",
"timestampUUID": "",
"id": "",
"object": "",
"objectType": "",
"objectId": "",
"objectContext": "",
"user": "",
"userName": "",
"severity": "",
"applicationId": "",
"violationActivity": "",
"displayOperation": "",
"createTime": "",
"updateTime": "",
"policyName": "",
"policyId": "",
"policyCode": "",
"contextName": "",
"eventIdList": [],
"service": "",
"description": " ",
"resultDesc": "",
"matches": "",
"region": "",
"alertType": "",
"defineType": "",
"nodeType": "",
"port": "",
"state": "",
"resourceId": ""
}
],
"totalPage": "",
"limit": "",
"skip": "",
"totalCount": ""
}

Included playbooks

The Sample - Fortinet FortiCNP - 2.0.0 playbook collection comes bundled with the Fortinet FortiCNP connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiCNP connector.

  • Get Finding List
  • Get Resource Details
  • Get Resource List
  • Get Resource Map

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

Fortinet FortiCNP integrates with APIs provided by cloud vendors including AWS, Azure, and Google Cloud Platform to monitor and track all security components, including configurations, user activity, and traffic flow logs. This Connector automated operations such as retrieving the get alerts from Fortinet FortiCNP, etc.

This document provides information about the Fortinet FortiCNP Connector, which facilitates automated interactions, with a Fortinet FortiCNP server using FortiSOAR™ playbooks. Add the Fortinet FortiCNP Connector as a step in FortiSOAR™ playbooks and perform automated operations with Fortinet FortiCNP.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 7.3.0-2034 and later

Fortinet FortiCNP Version Tested on: 22.4.a

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

Following enhancements have been made to the Fortinet FortiCNP Connector in version 2.0.0:

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-fortinet-forticnp

Prerequisites to configuring the connector

Minimum Permissions Required

A user profile must have the following permission and resource groups:

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Fortinet FortiCNP connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL URL of the Fortinet FortiCNP API server to connect and perform automated operations.
API Key The FortiCNP credentials required to connect to FortiCNP server and perform automated operations. Follow this link to generate the credentials.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Resource Map Retrieves the user and account basic information from FortiCNP, including company name, user name, and company ID. get_resource_map
Investigation
Get Resource List Retrieve a complete list of cloud resource details based on filter JSON that you have specified. get_resource_list
Investigation
Get Resource Details Retrieve details of a specific cloud resource from Fortinet FortiCNP based on the Resource ID that you have specified. get_resource_details
Investigation
Get Finding List Get all the findings of a specific resource based on the resource ID and a custom date range that you have specified. get_finding_list
Investigation

operation: Get Resource Map

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"roleId": "",
"username": "",
"resourceURL": "",
"companyMapSet": [
{
"companyId": "",
"companyName": ""
}
]
}

operation: Get Resource List

Input parameters

Parameter Description
Filter JSON Specify the filter json that you want to retrieve from Fortinet FortiCNP. For example, [{"key": "GoogleCloud", "option": [{"key": "Compute Engine Instance" } ] } ] }
Offset (Optional) Specify the count of the first few records to skip while retrieving response from Fortinet FortiCNP.
Limit (Optional) Specify the maximum number of records that you want this operation to fetch from Fortinet FortiCNP.
Sort By Specify the sorting parameter from the following available options:
  • ID
  • Region
  • Resource Type
  • Risk Level
Sort Order Specify the sort order of the returned resource list. The order can either be ascending or descending.

Output

The output contains the following populated JSON schema:
{
"datas": [
{
"id": "",
"name": "",
"region": "",
"resourceId": "",
"category": "",
"resourceTagGroup": {
"select": "",
"key": "",
"option": [
{
"select": "",
"key": "",
"name": ""
}
]
},
"availableActions": [],
"account": {
"service": "",
"accountName": "",
"accountNumber": "",
"accountEmail": "",
"organizationDomain": "",
"status": ""
},
"lastScanTime": "",
"rriSupport": "",
"state": "",
"riskScore": "",
"vId": "",
"identity": ""
}
],
"totalPage": "",
"limit": "",
"skip": "",
"totalCount": ""
}

operation: Get Resource Details

Input parameters

Parameter Description
Resource ID Specify the ID of the resource whose details you want to retrieve from Fortinet FortiCNP. The resource ID can be obtained through FortiCNP INSIGHTS > Risk > Resource Detail page.

Output

The output contains the following populated JSON schema:
{
"creationTimestamp": "",
"type": "",
"machineType": "",
"status": "",
"zone": "",
"project": "",
"tags": {
"fingerprint": "",
"items": []
},
"firewalls": [
{
"type": "",
"resourceType": ""
}
],
"networkInterfaces": [
{
"kind": "",
"network": "",
"subnetwork": "",
"networkIP": "",
"name": "",
"accessConfigs": [
{
"kind": "",
"type": "",
"name": "",
"natIP": "",
"networkTier": ""
}
]
}
],
"name": "",
"resourceType": "",
"region": "",
"deleted": ""
}

operation: Get Finding List

Input parameters

Parameter Description
Resource ID Specify the ID of the resource whose details you want to retrieve from Fortinet FortiCNP. The resource ID can be obtained through FortiCNP INSIGHTS > Risk > Resource Detail page.
Start Time Specify the start date-time of filtered open alerts from when you want to retrieve data from Fortinet FortiCNP.
End Time Specify the end date-time of filtered open alerts till when you want to retrieve data from Fortinet FortiCNP.
Offset (Optional) Specify the count of the first few records to skip while retrieving response from Fortinet FortiCNP.
Limit (Optional) Specify the maximum number of records that you want this operation to fetch from Fortinet FortiCNP

Output

The output contains the following populated JSON schema:
{
"data": [
{
"buId": "",
"companyId": "",
"timestampUUID": "",
"id": "",
"object": "",
"objectType": "",
"objectId": "",
"objectContext": "",
"user": "",
"userName": "",
"severity": "",
"applicationId": "",
"violationActivity": "",
"displayOperation": "",
"createTime": "",
"updateTime": "",
"policyName": "",
"policyId": "",
"policyCode": "",
"contextName": "",
"eventIdList": [],
"service": "",
"description": " ",
"resultDesc": "",
"matches": "",
"region": "",
"alertType": "",
"defineType": "",
"nodeType": "",
"port": "",
"state": "",
"resourceId": ""
}
],
"totalPage": "",
"limit": "",
"skip": "",
"totalCount": ""
}

Included playbooks

The Sample - Fortinet FortiCNP - 2.0.0 playbook collection comes bundled with the Fortinet FortiCNP connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiCNP connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next