Configuring FortiSOAR
This chapter describes the initial configuration steps required for setting up your FortiSOAR system.
Logging on to FortiSOAR for the first time
- In a browser, enter the IP address that you identified using the steps mentioned in the Determining your DHCP IP address section, and press Enter.
For example, https://{Your_FortiSOAR_IP}
This displays the Fortinet End-User License Agreement (EULA). You must accept the EULA before you can log on to FortiSOAR.
Once you accept the EULA, the login screen is displayed.
- Log in using the following credentials:
Username: csadmin
Password: changeme
The UI password of the 'csadmin' user for AWS is set to the "instance_id" of your instance. To find the instance ID of your FortiSOAR AWS instance, you can SSH to the instance and run the cloud-init query instance_id command.
If you are a 'csadmin' user and you are logging in to FortiSOAR for the first time, you are required to change the default password. This enhances the security of your csadmin account and prevents unauthorized parties from accessing the administration account for FortiSOAR. Note down your csadmin password: if you forget your initial csadmin password, you have to request FortiSOAR to reset it. Also, when you change your csadmin password, you must update the email ID that is specified for csadmin, which by default is set to soc@fortinet.com (which is not a valid email ID). You can change the email ID by clicking the User Profile icon to open the User Profile page and changing the email address in the Email field. Once you set a valid email ID in the user profile, you can reset your password whenever required by clicking the Forgot Password link on the login page.
Important: It is also recommended that all new users should change their password when they first log on to FortiSOAR, irrespective of the complexity of the password assigned to the users.
After you have changed the default password, FortiSOAR logs you into the application and by default displays the Dashboard page.
Now you can begin configuring FortiSOAR for your network environment.
Configuring SMTP for FortiSOAR
You must configure the SMTP connector to receive any system or email notifications, including requests for resetting passwords. The SMTP connector is one of a number of pre-installed connectors, or built-ins, that are included with FortiSOAR. By default, the SMTP connector is configured to use the FortiSOAR appliance as an SMTP relay server. You must point it to a production SMTP server in your organization. For more information on configuring the SMTP connector, see the "FortiSOAR Built-in connectors" article.
When you configure the SMTP connector, ensure that you select the Mark As Default Configuration option for the configuration that will be used for sending system notifications.
It is highly recommended that you review the Additional configuration settings for FortiSOAR chapter to understand the configurations that you should make in your FortiSOAR system before you begin to use FortiSOAR.
Creating your first user and record
The following steps provide a high-level view of how to get started with FortiSOAR. These steps are explained in detail in "Beginners Tutorial to FortiSOAR for Administrators."
- Successfully log into FortiSOAR.
- Click the Settings icon that is present in the upper right-hand corner near the User Profile icon.
This displays the System page.
Use the Security Management section to configure the following: Team Hierarchy, Teams, Roles, Users, Authentication, and Password Vault.
- Add a new team in FortiSOAR.
You can also use the default teams that are present in FortiSOAR.
- Add a new role in FortiSOAR.
You can also use default roles that are present in FortiSOAR.
You provide user permissions on a module based on roles that you have assigned to that user.
For example, if you want to provide a user with complete access to the Incident module, you must create a role that has Create, Read, Update, and Delete permissions on the Incident module and name it Incident Administrator. You must then assign that role to a user.
- Add a new user and assign an appropriate role to the user.
For example, create a user John A and assign John A the Incident Administrator role.
- Create your first record.
Log on to FortiSOAR as user John A, who has access to the Incident module. Click the Add button in the top bar of the Incidents module to open the Create New Alert form. Fill in the required details in the Create New Incident form and click Save to create an incident.