Fortinet Web Filter Lookup v2.0.0

About the connector

Fortinet Web Filter Lookup allows users to check the category and classification for any Domain or URL.

This document provides information about the Fortinet Web Filter Lookup connector, which facilitates automated interactions with the Fortinet Web Filter Lookup server using FortiSOAR™ playbooks. Add the Fortinet Web Filter Lookup connector as a step in FortiSOAR™ playbooks and perform automated operations, such as checking the categorization of a domain or URL you have specified on Fortinet Web Filter Lookup.

The Fortinet Web Filter Lookup playbook collection contains pluggable enrichment playbooks that are used to provide verdicts for indicator types URL and Domain. For more information, see the Pluggable Enrichment topic.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 7.4.0-3024

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

The following enhancements have been made to the Fortinet Web Filter Lookup Connector in version 2.0.0:

  • Updated the connector endpoint to consume FortiGuard's premium API.
  • Added a new configuration parameter named "Token", which is the API token used to access FortiGuard's premium API.

Generating the Access Token

To generate a token for Fortinet Web Filter Lookup, do the following:

  1. Open the Fortinet Developer Network.
  2. Click Tools > FortiGuard.
  3. From the left menu, select the Web Filter Rating Lookup option.
  4. On the Web Filter Rating Lookup page, click the Access Token button.

    This generates the token for Fortinet Web Filter Lookup.

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:

    yum install cyops-connector-fortinet-web-filter-lookup

Prerequisites to configuring the connector

  • You must have the API token used to access FortiGuard's premium API for performing automated operations.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Fortinet Web Filter Lookup server.

Minimum Permissions Required

  • Not Applicable

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Fortinet Web Filter Lookup connector card. On the connector popup, click the Configurations tab to enter the required configuration details:

| Parameter | Description |
|---|---|
| Server URL | The URL of the Fortinet Web Filter Lookup endpoint that will be used to consume the premium API for FortiGuard. By default, it is set to https://premiumapi.fortinet.com. For more information on Premium Services offered by FortiGuard, see the FortiGuard Lab's Premium Services page. |
| Token | The API access token used to connect to the premium API for FortiGuard and perform automated operations. For information on generating an access token, see the Generating the Access Token topic. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:

| Function | Description | Annotation and Category |
|---|---|---|
| Check Category of Domain or URL | Checks the categorization of the domain or URL you have specified and retrieves the category and information about the specified domain or URL from Fortinet Web Filter Lookup. | url_review; Investigation |

operation: Check Category of Domain or URL

Input parameters

| Parameter | Description |
|---|---|
| Submit Domain/URL | Valid Domain or URL that you want to submit to Fortinet Web Filter Lookup for the review process and whose categorization and information you want to retrieve from Fortinet Web Filter Lookup. |

Output

The output contains the following populated JSON schema:
{
"url": "",
"info": "",
"category": ""
}

Included playbooks

The Sample - Fortinet Web Filter Lookup - 2.0.0 playbook collection comes bundled with the Fortinet Web Filter Lookup connector. These playbooks contain steps that you can use to perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet Web Filter Lookup connector.

  • Check Category of Domain or URL
  • URL / Domain > Fortinet Web Filter Lookup > Enrichment

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.

Pluggable Enrichment

The Sample - Fortinet Web Filter Lookup - 2.0.0 playbook collection contains pluggable enrichment playbooks that are used to provide verdicts for indicator types URL and Domain. The pluggable enrichment playbooks are in the format: '<indicator type> > Fortinet Web Filter Lookup > Enrichment'. For example, 'URL > Fortinet Web Filter Lookup > Enrichment'.

Based on the Fortinet Web Filter Lookup integration API response, the following variables are returned:

| Variable Name | Description | Return Value |
|---|---|---|
| cti_name | The name of the connector is called the CTI (Cyber Threat Intelligence) name | FortinetWebFilterLookup |
| source_data | The source_data response returned by the integration API. | A JSON response object containing the source data of the threat intelligence integration. |
| enrichment_summary | The contents that are added, in the HTML format, in the 'Description' field of the specified FortiSOAR indicator record. | The following values are returned in the HTML format: Category |
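
The following added example (not code from the connector or from Fortinet) shows one way a custom playbook step could assemble these three variables from the action's output schema, rejecting malformed results and HTML-escaping the category before it is stored in the 'Description' field. The function name, the sample results, the assumption that all three schema values are strings, and the HTML layout of the summary are assumptions.

```python
import html
import json

CTI_NAME = "FortinetWebFilterLookup"  # cti_name value listed in the table above
REQUIRED_KEYS = ("url", "info", "category")  # keys of the action's output schema


def build_enrichment(raw_response: str) -> dict:
    """Turn one 'Check Category of Domain or URL' result into the three
    pluggable-enrichment variables, rejecting malformed results."""
    data = json.loads(raw_response)
    if not isinstance(data, dict):
        raise ValueError("connector output must be a JSON object")
    missing = [k for k in REQUIRED_KEYS if k not in data]
    if missing:
        raise ValueError(f"connector output is missing keys: {missing}")
    for key in REQUIRED_KEYS:
        # Assumption: the schema's empty strings mean every value is a string.
        if not isinstance(data[key], str):
            raise ValueError(f"{key!r} must be a string")
    category = data["category"].strip()
    if not category:
        raise ValueError("empty category: nothing to add to the indicator")
    # The summary is stored as HTML in the indicator's Description field, so
    # the looked-up value is escaped: it is third-party data, not markup.
    # The <p>/<b> layout is an assumption, not the connector's own format.
    summary = "<p><b>Category</b>: {}</p>".format(html.escape(category))
    return {
        "cti_name": CTI_NAME,
        "source_data": data,
        "enrichment_summary": summary,
    }


# Constructed sample results (not real lookup output).
SAMPLE_OK = '{"url": "example.com", "info": "", "category": "Information Technology"}'
SAMPLE_MARKUP = '{"url": "example.org", "info": "", "category": "News & Media <b>test</b>"}'

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_MARKUP):
        print(build_enrichment(sample)["enrichment_summary"])
```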

The following image displays a sample of the populated 'Description' field in a FortiSOAR indicator record:
