Overview
This guide contains information on how to customize and manage Fortinet Threat Intelligence Platform (FortiTIP Cloud), including system settings, security management, user management, and configuring multi-segmented networks.
It also provides a comprehensive overview of FortiTIP Cloud and the capabilities it offers.
FortiTIP Cloud is a cloud-hosted threat intel platform designed to enhance an organization's ability to identify, manage, and respond to cyber threats in an effective and coordinated manner. The platform integrates several key functions including Outbreak Management, Threat Intel Search, Threat Intel Management, and CVE Correlation with Threat Feeds. These features work in tandem to provide a unified view of potential threats, vulnerabilities, and incidents across an organization's network and digital assets on customizable pre-built dashboards.
Key Features
The following are the key features of this solution:
- Outbreak Management: Provided by FortiGuard, this feature equips the platform with tools to monitor and manage the containment and resolution of widespread attacks or breaches. It enables organizations to rapidly assess the scope and impact, ensuring efficient coordination of response efforts.
- Threat Intel Search: The platform enables users to query FortiGuard's extensive threat intelligence database to uncover details about Indicators of Compromise (IOCs), including associated malware, threat actors, CVEs, and related threat correlations. This empowers analysts with contextual insights to accelerate threat validation and informed response.
- Threat Intelligence Management: This component allows users to collect, analyze, and store threat intelligence from multiple sources. It facilitates the enrichment of data with contextual insights to better understand the nature, intent, and tactics behind threats.
- CVE Correlation with Threat Feeds: By correlating CVE (Common Vulnerabilities and Exposures) data with active threat feeds, the platform helps organizations quickly identify which vulnerabilities are actively being targeted by adversaries. This feature enables proactive defense by focusing resources on high-risk vulnerabilities.
This Threat Intelligence Platform is a vital tool for enhancing cybersecurity resilience, providing organizations with the means to stay ahead of evolving threats and to mitigate risks before they become significant issues.
FortiTIP Cloud is built on the FortiSOAR platform and shares the same administrative interface and core configuration workflows. To avoid duplication and to ensure consistency, this documentation links to relevant sections of the FortiSOAR documentation where applicable. Unless otherwise noted, the procedures and settings described in the linked content apply equally to FortiTIP Cloud.
Getting Started
The Setup Guide helps administrators configure FortiTIP Cloud according to best practices. It covers essential configurations and the installation of solution packs for optimal performance, such as setting up network proxies, enabling audit logs, and configuring playbook features. For details, including the permissions required to view the Setup Guide, see the section Prerequisites in the Setup Guide documentation.
The minimum permissions required to view and use the Setup Guide are
When administrators log into FortiTIP Cloud for the first time, the Setup Guide is displayed. You can minimize it by clicking . To reopen it, click the Setup Guide icon in the top-right corner of FortiTIP Cloud. To hide the icon, clear the Enable Setup Guide option on the Settings > System Settings page.
For more details, refer to the section Setup Guide, under the chapter General Features & Navigation.
Tasks and Permissions
To manage different modules in FortiTIP Cloud, appropriate user roles and permissions must be assigned. In FortiTIP Cloud, modules are applied to roles, for example, the Security module is applied to the Security Administrator role. Permissions are based on the Create, Read, Update, and Delete model (CRUD). Each module within FortiTIP Cloud has explicit CRUD permissions that can be customized within a role.
For example, to perform all tasks for System Settings, you must be assigned a role that has CRUD permissions on the Application module; to add and manage users, you must be assigned a role that has at minimum Create and Update permissions on the People module.
| Task | Permissions required on the module |
|---|---|
| System Settings: Customizing FortiTIP Cloud and configuring several default options used throughout the system, including setting up authentication mechanisms and configuring dashboards and templates. | Create, Read, Update, and Delete (CRUD) permissions on the Application module. Default Role - Application Administrator. |
| Security management: Managing teams and roles. | CRUD permissions on the Security module. Default Role - Security Administrator. The Security Administrator role also has CRUD permissions on the Secure Message Exchange and Tenants modules, so that this role can configure multi-tenant systems. |
| User management: Adding and removing users and editing their permissions. | CRUD permissions on the People module. |
| Appliances management: Managing appliances and access keys. | CRUD permissions on the Appliances module. |
| Password Vault management: Integrating with third-party external vaults to manage sensitive data. | CRUD permissions on the Connectors module and Read permission on the Application module. |
| Playbook management: Configuring playbook collections and playbooks. | CRUD permissions on the Playbook module. Default Role - Playbook Administrator. |
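The following is an added example, not FortiTIP or FortiSOAR code, that turns the task-to-permission table above into a least-privilege check: given a role's per-module CRUD grants, it reports which verbs are missing for a task and which granted modules no assigned task needs. The role grants are constructed from the default roles named in the table; the "User Onboarder" role is a hypothetical custom role added to exercise the minimum Create and Update on People wording.

```python
from typing import Dict, FrozenSet, Iterable, Set

CRUD: FrozenSet[str] = frozenset({"create", "read", "update", "delete"})

# Per-task requirements, {module: verbs}, transcribed from the table above.
TASK_REQUIREMENTS: Dict[str, Dict[str, FrozenSet[str]]] = {
    "System Settings": {"Application": CRUD},
    "Security management": {"Security": CRUD},
    "User management": {"People": CRUD},
    "Appliances management": {"Appliances": CRUD},
    "Password Vault management": {"Connectors": CRUD,
                                  "Application": frozenset({"read"})},
    "Playbook management": {"Playbook": CRUD},
}

# Constructed role definitions: the page's default roles plus one
# hypothetical custom role. Not exported from a real FortiTIP tenant.
ROLES: Dict[str, Dict[str, Set[str]]] = {
    "Application Administrator": {"Application": set(CRUD)},
    "Security Administrator": {"Security": set(CRUD),
                               "Secure Message Exchange": set(CRUD),
                               "Tenants": set(CRUD)},
    "Playbook Administrator": {"Playbook": set(CRUD)},
    "User Onboarder (hypothetical)": {"People": {"create", "update"}},
}


def missing_permissions(role: str, task: str) -> Dict[str, Set[str]]:
    """Return {module: verbs the role lacks} for the task; empty means allowed."""
    grants = ROLES[role]
    missing: Dict[str, Set[str]] = {}
    for module, needed in TASK_REQUIREMENTS[task].items():
        gap = set(needed) - grants.get(module, set())
        if gap:
            missing[module] = gap
    return missing


def can_perform(role: str, task: str) -> bool:
    return not missing_permissions(role, task)


def excess_grants(role: str, tasks: Iterable[str]) -> Set[str]:
    """Modules granted to the role that none of the listed tasks require.

    Useful when trimming a default role down to the tasks actually assigned.
    """
    needed = {m for t in tasks for m in TASK_REQUIREMENTS[t]}
    return set(ROLES[role]) - needed
```

Running `excess_grants("Security Administrator", ["Security management"])` shows the Secure Message Exchange and Tenants modules as grants that a purely team-and-role administrator does not need, which is the kind of finding a role review should surface.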