Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Deployment Guide

    Home FortiSOAR 7.5.0 Deployment Guide
    7.5.0
    7.6.0
    7.5.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.3.1
    7.3.0
    7.2.2
    7.2.1
    7.2.0
    7.0.2
    7.0.1
    7.0.0
    6.4.4
    6.4.3
    6.4.1
    6.4.0
    6.0.0

    Configuring FortiSOAR

    Configuring FortiSOAR

    This chapter describes the initial configuration steps required for setting up your FortiSOAR system.

    Logging on to FortiSOAR for the first time

    1. In a browser, enter the IP address that you had identified using the steps mentioned in the Determining your DHCP IP address section as and press Enter.
      For example, https://{Your_FortiSOAR_IP}
      This will display the Fortinet End-User License Agreement (EULA). You must accept the EULA before you can log onto FortiSOAR.
      Once you accept the EULA; the login screen is displayed as shown in the following image:
      Login Screen
    2. Login using the following credentials:
      Username: csadmin
      Password: changeme
      The UI password of the 'csadmin' user for AWS is set to the "instance_id" of your instance. To know the instance ID of your FortiSOAR AWS instance, you can SSH and run the cloud-init query instance_id command.
      If you are a 'csadmin' user, and you are logging into FortiSOAR for the first time, you will be mandated to change the default password. This enhances the security of your csadmin account and prevents unauthorized parties from accessing the administration account for FortiSOAR.
      New passwords that are set must contain at least 8 characters, one lower-case alphabet, one upper-case alphabet, one digit, and any one of the following special characters ~ ! @ # $ % ^ & * | ? _
      Once you enter the 'csadmin' username and default password the following screen is displayed, which prompts you to change the password:
      Changing your csadmin default password
      Ensure that you note down your csadmin password since if you forget your initial csadmin password, then you have to request FortiSOAR to reset this password. Also, when you are changing your csadmin password, you must ensure that you also update the email ID that is specified for csadmin, which by default is set to soc@fortinet.com (which is not a valid email ID). You can change the email ID by clicking the User Profile icon (User Profile icon) to open the User Profile page and change the email address in the Email field.
      Once you set a valid email ID in the user profile, then you would be able to reset your password, whenever required, by clicking the Forgot Password link on the login page.
      Important: It is also recommended that all new users should change their password when they first log on to FortiSOAR, irrespective of the complexity of the password assigned to the users.
      After you have changed the default password, FortiSOAR logs you into the application and by default displays the Dashboard page:
      Dashboard page

    Now you can begin configuring FortiSOAR for your network environment.

    Configuring SMTP for FortiSOAR

    The SMTP connector comes pre-configured with FortiSOAR and it is required to receive any system or email notifications, including requests for resetting passwords. The SMTP connector is part of a number of pre-installed connectors or built-ins that are included with FortiSOAR. By default, the SMTP connector is configured to use FortiSOAR appliance as an SMTP relay server. You must point it to a production SMTP server in your organization. For more information on configuring the SMTP connector, see the "FortiSOAR Built-in connectors" article.

    Caution

    When you configure the SMTP connector, ensure that you select the Mark As Default Configuration option for the configuration that will be used for sending system notifications.

    It is highly recommended that you review the Additional configuration settings for FortiSOAR chapter to understand the configurations that you should make in your FortiSOAR system before you begin to use FortiSOAR.

    Creating your first user and record

    Note

    The following steps provide a high-level view of how to get started with FortiSOAR. These steps are explained in detail in "Administrators Guide."
    1. Successfully log into FortiSOAR.
    2. Click the Settings (Settings icon) icon that is present in the upper right-hand corner near the User Profile icon.
      This displays the System page.
      Use the Security Management section to configure the following: Team Hierarchy, Teams, Roles, Users, Authentication, and Password Vault.
    3. Add a new team in FortiSOAR.
      You can also use the default teams that are present in FortiSOAR.
    4. Add a new role in FortiSOAR.
      You can also use default roles that are present in FortiSOAR.
      You provide user permissions on a module based on roles that you have assigned to that user.
      For example, if you want to provide a user with complete access to the Incident module, you must create a role that has Create, Read, Update, and Delete permissions on the Incident module and name it Incident Administrator. You must then assign that role to a user.
    5. Add a new user and assign an appropriate role to the user.
      For example, create a user John A and assign John A the Incident Administrator role.
    6. Create your first record.
      Log on to FortiSOAR as user John A, who has access to the Incident module. Click the Add button in the top bar of the Incidents module to open the Create New Alert form. Fill in the required details the Create New Incident form and click Save to create an incident.
    Previous
    Next

    Configuring FortiSOAR

    Configuring FortiSOAR

    This chapter describes the initial configuration steps required for setting up your FortiSOAR system.

    Logging on to FortiSOAR for the first time

    1. In a browser, enter the IP address that you had identified using the steps mentioned in the Determining your DHCP IP address section as and press Enter.
      For example, https://{Your_FortiSOAR_IP}
      This will display the Fortinet End-User License Agreement (EULA). You must accept the EULA before you can log onto FortiSOAR.
      Once you accept the EULA; the login screen is displayed as shown in the following image:
      Login Screen
    2. Login using the following credentials:
      Username: csadmin
      Password: changeme
      The UI password of the 'csadmin' user for AWS is set to the "instance_id" of your instance. To know the instance ID of your FortiSOAR AWS instance, you can SSH and run the cloud-init query instance_id command.
      If you are a 'csadmin' user, and you are logging into FortiSOAR for the first time, you will be mandated to change the default password. This enhances the security of your csadmin account and prevents unauthorized parties from accessing the administration account for FortiSOAR.
      New passwords that are set must contain at least 8 characters, one lower-case alphabet, one upper-case alphabet, one digit, and any one of the following special characters ~ ! @ # $ % ^ & * | ? _
      Once you enter the 'csadmin' username and default password the following screen is displayed, which prompts you to change the password:
      Changing your csadmin default password
      Ensure that you note down your csadmin password since if you forget your initial csadmin password, then you have to request FortiSOAR to reset this password. Also, when you are changing your csadmin password, you must ensure that you also update the email ID that is specified for csadmin, which by default is set to soc@fortinet.com (which is not a valid email ID). You can change the email ID by clicking the User Profile icon (User Profile icon) to open the User Profile page and change the email address in the Email field.
      Once you set a valid email ID in the user profile, then you would be able to reset your password, whenever required, by clicking the Forgot Password link on the login page.
      Important: It is also recommended that all new users should change their password when they first log on to FortiSOAR, irrespective of the complexity of the password assigned to the users.
      After you have changed the default password, FortiSOAR logs you into the application and by default displays the Dashboard page:
      Dashboard page

    Now you can begin configuring FortiSOAR for your network environment.

    Configuring SMTP for FortiSOAR

    The SMTP connector comes pre-configured with FortiSOAR and it is required to receive any system or email notifications, including requests for resetting passwords. The SMTP connector is part of a number of pre-installed connectors or built-ins that are included with FortiSOAR. By default, the SMTP connector is configured to use FortiSOAR appliance as an SMTP relay server. You must point it to a production SMTP server in your organization. For more information on configuring the SMTP connector, see the "FortiSOAR Built-in connectors" article.

    Caution

    When you configure the SMTP connector, ensure that you select the Mark As Default Configuration option for the configuration that will be used for sending system notifications.

    It is highly recommended that you review the Additional configuration settings for FortiSOAR chapter to understand the configurations that you should make in your FortiSOAR system before you begin to use FortiSOAR.

    Creating your first user and record

    Note

    The following steps provide a high-level view of how to get started with FortiSOAR. These steps are explained in detail in "Administrators Guide."
    1. Successfully log into FortiSOAR.
    2. Click the Settings (Settings icon) icon that is present in the upper right-hand corner near the User Profile icon.
      This displays the System page.
      Use the Security Management section to configure the following: Team Hierarchy, Teams, Roles, Users, Authentication, and Password Vault.
    3. Add a new team in FortiSOAR.
      You can also use the default teams that are present in FortiSOAR.
    4. Add a new role in FortiSOAR.
      You can also use default roles that are present in FortiSOAR.
      You provide user permissions on a module based on roles that you have assigned to that user.
      For example, if you want to provide a user with complete access to the Incident module, you must create a role that has Create, Read, Update, and Delete permissions on the Incident module and name it Incident Administrator. You must then assign that role to a user.
    5. Add a new user and assign an appropriate role to the user.
      For example, create a user John A and assign John A the Incident Administrator role.
    6. Create your first record.
      Log on to FortiSOAR as user John A, who has access to the Incident module. Click the Add button in the top bar of the Incidents module to open the Create New Alert form. Fill in the required details the Create New Incident form and click Save to create an incident.
    Previous
    Next