Code Snippet Connector

Code Snippet Connector v2.1.3

Overview

FortiSOAR™ provides pre-installed connectors, or built-ins, such as the Code Snippet connector, that you can use within FortiSOAR™ playbooks as a connector step to perform automated operations. These connectors are bundled and named based on the type of operations they can perform.

Apart from the FortiSOAR™ Built-in connectors, Fortinet also provides several connectors for popular integrations, such as SIEMs like FortiSIEM and Splunk, and ticketing systems such as Jira. You can see a list of published connectors on the FortiSOAR Connectors Documentation site.

The process of installing, configuring, and using connectors is described in the Introduction to connectors chapter of the "Connectors Guide", which is part of the FortiSOAR™ documentation; see also the Installing a connector and Configuring a connector articles.

FortiSOAR™ Built-in connectors are upgraded by default with a FortiSOAR™ upgrade. If you want to upgrade only the connectors and not FortiSOAR™, use the Content Hub to upgrade your connectors to the latest version.

Code Snippet

Use the Code Snippet connector to run a Python function as part of a playbook. Add the "Code Snippet" connector to a playbook as a connector step to execute Python code as part of that playbook.

Version information

Connector Version: 2.1.3

FortiSOAR™ Version Tested on: 7.6.0 - 5012

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.1.3

The following enhancements have been made to the Code Snippet connector in version 2.1.3:

  • Enhanced the connector's security by restricting the import of the importlib and imp libraries.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Code Snippet connector card. On the connector popup, click the Configurations tab to enter the required configuration details.

Parameter | Description
Allow Universal Imports | Select this option to allow all Python modules except the following to be used in code snippets:
  • os
  • sys
  • subprocess
  • importlib
  • imp

Because users can use the Code Snippet connector to perform any operation on your FortiSOAR system by writing a Python function, including functions that manipulate files on the system and run system operations that could expose user login information, it is highly recommended to leave the Allow Universal Imports checkbox unchecked (default). Leaving this option unchecked ensures that users can import only a restricted list of Python modules, which administrators specify. To use any Python module, users must include the import statement. For more information, see the Alternative ways of restricting python modules topic.

If you leave the checkbox unchecked, specify a value in the following field:

  • Modules to Import: Administrators use this field to specify the list of modules that they want to import. Users can then use these modules without having to include the import statement in the Python code. Note that, in this case, users are not allowed to import modules that are not part of the specified list.
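A pre-review check for the import restrictions described above, as an added example that is not Fortinet's code: it parses a snippet statically and reports the imports a given configuration would not permit. The function names and the sample snippet are constructed for illustration; how the connector treats a blocked module that also appears in Modules to Import is not stated on the page, so this check flags it either way.

```python
import ast

# Modules the page lists as refused even when Allow Universal Imports is selected.
BLOCKED_MODULES = {"os", "sys", "subprocess", "importlib", "imp"}


def imported_modules(source):
    """Return {top-level module: first line number} for every import statement."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names = [node.module]
        else:
            continue
        for name in names:
            top = name.split(".")[0]  # "os.path" counts as "os"
            found[top] = min(node.lineno, found.get(top, node.lineno))
    return found


def disallowed_imports(source, allow_universal=False, modules_to_import=()):
    """Return sorted (module, line) pairs the given configuration would not permit."""
    found = imported_modules(source)
    allowed = set(modules_to_import)
    # Assumption: blocked modules are flagged in both modes (reviewer's choice).
    bad = [m for m in found
           if m in BLOCKED_MODULES or (not allow_universal and m not in allowed)]
    return sorted((m, found[m]) for m in bad)


# Constructed sample snippet, not taken from a real playbook.
SAMPLE = """\
import json
import base64
from os import path
import subprocess as sp

def summarize(raw):
    return sorted(json.loads(raw))
"""

if __name__ == "__main__":
    print(disallowed_imports(SAMPLE, allow_universal=True))
    print(disallowed_imports(SAMPLE, modules_to_import=["json"]))
```

With Allow Universal Imports modelled as selected, only the blocked modules are reported; with the default restricted mode, anything outside the administrator's list is reported as well.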

Alternative ways of restricting python modules

If administrators do not want to restrict the Python modules that users can use, that is, they select the Allow Universal Imports checkbox (not recommended), they can instead assign ownership of a connector configuration by setting that configuration to Private, which lets them control who can view and execute it. Setting a connector configuration to Private allows only the assigned team owners to view and execute the connector configuration, as shown in the following image:

Similarly, administrators can restrict the roles that are allowed to execute the Python code: click the Action tab, and then, in the Execute Python Code (and Execute Python Code (Deprecated)) row, click the Assign Role(s) to Action icon to display the Assign Role(s) to Action dialog, where you can select the roles that can perform the action. For example, in the following image, only the Security Administrator role can run the Execute Python Code action:

Actions supported by the connector

You can use the following automated operations in playbooks, and you can also use the annotations to access operations:

Function | Description | Annotation and Category
Execute Python Code | Execute the specified Python code as part of your playbooks. | run_cmd
Execute Python Code (Deprecated) | Execute the specified Python code as part of your playbooks. | run_cmd

operation: Execute Python Code

Input parameters

Parameter | Description
Python Function | Enter the Python function that you want to run as part of the playbook.

Output

The output contains the following populated JSON schema:

{
    "code_output": {}
}

operation: Execute Python Code (Deprecated)

Input parameters

Parameter | Description
Python Function | Enter the Python function that you want to run as part of the playbook.

Output

The output contains the following populated JSON schema:

{
    "code_output": {}
}

Customizable Settings

Some customizable settings ensure that the Code Snippet connector uses safe built-in functions.
IMPORTANT: Only the root user can configure these settings.

Configuring the Code Snippet connector to use only safe built-ins

  1. Open the /opt/cyops-integrations/integrations/configs/config.ini file, and in the [connector_configuration] section, add the following entry:

    allow_only_safe_builtins = true

    NOTE: If your config.ini file does not have the [connector_configuration] section, you must add it to the file manually.

  2. Run the following command:

    touch /opt/cyops/configs/integrations/workspace/connector_dev_config.ini

Adding built-ins that are not supported in the Code Snippet connector

After enabling safe built-ins, if you use any Python built-ins that are not supported in the Code Snippet connector, FortiSOAR displays the following error:

"Invalid code snippet: Uses of ['<builtins_name>'] is restricted in the code snippet. Remove ['<builtins_name>'] from the code snippet and retry."

To add support for a specific built-in in the Code Snippet connector, follow these steps:

  1. Open the /opt/cyops-integrations/integrations/configs/config.ini file, and in the [connector_configuration] section, add the entry in the following format:

    custom_builtins = ['1_built-ins_name', '2_built-ins_name']

    For example,

    custom_builtins = ['list','dict', 'eval']

  2. Run the following command as root user to create a connector configuration file:

    touch /opt/cyops/configs/integrations/workspace/connector_dev_config.ini

  3. Restart the uwsgi service using the following command:

    systemctl restart uwsgi
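
An audit of the two config.ini settings described above, as an added example that is not Fortinet's code: it parses the file's text and reports when allow_only_safe_builtins is off or when custom_builtins re-enables a built-in worth reviewing. REVIEW_BUILTINS, the function name and the sample configurations are assumptions constructed for illustration, and the custom_builtins value is assumed to be a Python-style list literal as in the page's example.

```python
import ast
import configparser

# Assumption: built-ins a reviewer would want justified before re-enabling them,
# because they evaluate code or reach files and modules. Not a Fortinet list.
REVIEW_BUILTINS = {"eval", "exec", "compile", "open", "__import__"}


def audit_config(text):
    """Return a list of findings for the [connector_configuration] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("connector_configuration"):
        return ["missing [connector_configuration] section"]
    section = parser["connector_configuration"]
    findings = []
    try:
        safe = section.getboolean("allow_only_safe_builtins", fallback=False)
    except ValueError:  # value present but not a recognizable boolean
        safe = False
    if not safe:
        findings.append("allow_only_safe_builtins is not enabled")
    raw = section.get("custom_builtins", fallback="[]")
    try:
        names = ast.literal_eval(raw)  # parses the literal without executing code
    except (ValueError, SyntaxError):
        return findings + ["custom_builtins is not a valid list: " + raw]
    if not isinstance(names, list) or not all(isinstance(n, str) for n in names):
        return findings + ["custom_builtins must be a list of strings"]
    for name in sorted(set(names) & REVIEW_BUILTINS):
        findings.append("custom_builtins re-enables '%s'" % name)
    return findings


# Constructed sample configurations; the second uses the page's example entry.
HARDENED = ("[connector_configuration]\nallow_only_safe_builtins = true\n"
            "custom_builtins = ['list','dict']\n")
PAGE_EXAMPLE = ("[connector_configuration]\nallow_only_safe_builtins = true\n"
                "custom_builtins = ['list','dict', 'eval']\n")

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("page example", PAGE_EXAMPLE)):
        print(label, audit_config(text))
```

The page's example entry includes eval, which this audit reports because allowing it gives code snippets dynamic code evaluation again.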