Fortinet Web Filter Lookup allows users to check the category and classification for any Domain or URL.
This document provides information about the Fortinet Web Filter Lookup connector, which facilitates automated interactions, with the Fortinet Web Filter Lookup server using FortiSOAR™ playbooks. Add the Fortinet Web Filter Lookup connector as a step in FortiSOAR™ playbooks and perform automated operations, such as checking the categorization of a domain or URL you have specified on Fortinet Web Filter Lookup.
The Fortinet Web Filter Lookup playbook collection contains pluggable enrichment playbooks that are used to provide verdicts for indicator types URL and Domain. For more information, see the Pluggable Enrichment topic.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 7.4.0-3024
Authored By: Fortinet
Certified: Yes
The following enhancements have been made to the Fortinet Web Filter Lookup Connector in version 2.0.0:
To generate a token for Fortinet Web Filter Lookup, do the following:
Web Filter Rating Lookup
page, click the Access Token button.Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-fortinet-web-filter-lookup
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Fortinet Web Filter Lookup connector card. On the connector popup, click the Configurations tab to enter the required configuration details:
Parameter | Description |
---|---|
Server URL | The URL of the Fortinet Web Filter Lookup endpoint that will be used to consume the premium API for FortiGuard. By default, it is set to https://premiumapi.fortinet.com . For more information on Premium Services offered by FortiGuard, see the FortiGuard Lab's Premium Services page. |
Token | The API access token used to connect to the premium API for FortiGuard and perform automated operations. For information on generating an access token, see the Generating the Access Token topic. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Check Category of Domain or URL | Checks the categorization of the domain or URL you have specified and retrieves the category and information about the specified domain or URL from Fortinet Web Filter Lookup. | url_review Investigation |
Parameter | Description |
---|---|
Submit Domain/URL | Valid Domain or URL that you want to submit to Fortinet Web Filter Lookup for the review process and whose categorization and information you want to retrieve from Fortinet Web Filter Lookup. |
The output contains the following populated JSON schema:
{
"url": "",
"info": "",
"category": ""
}
The Sample - Fortinet Web Filter Lookup - 2.0.0
playbook collection comes bundled with the Fortinet Web Filter Lookup connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet Web Filter Lookup connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
The Sample - Fortinet Web Filter Lookup - 2.0.0
playbook collection contains pluggable enrichment playbooks that are used to provide verdicts for indicator types URL and Domain. The pluggable enrichment playbooks are in the format: '<indicator type>
> Fortinet Web Filter Lookup > Enrichment'. For example, 'URL > Fortinet Web Filter Lookup > Enrichment'.
Based on the Fortinet Web Filter Lookup integration API response following variables are returned:
Variable Name | Description | Return Value |
---|---|---|
cti_name |
The name of the connector is called the CTI (Cyber Threat Intelligence) name | FortinetWebFilterLookup |
source_data |
The source_data response returned by the integration API. | A JSON response object containing the source data of the threat intelligence integration. |
enrichment_summary |
The contents that are added, in the HTML format, in the 'Description' field of the specified FortiSOAR indicator record. |
The following values are returned in the HTML format:
The following image displays a sample of the populated 'Description' field in a FortiSOAR indicator record: |
Fortinet Web Filter Lookup allows users to check the category and classification for any Domain or URL.
This document provides information about the Fortinet Web Filter Lookup connector, which facilitates automated interactions, with the Fortinet Web Filter Lookup server using FortiSOAR™ playbooks. Add the Fortinet Web Filter Lookup connector as a step in FortiSOAR™ playbooks and perform automated operations, such as checking the categorization of a domain or URL you have specified on Fortinet Web Filter Lookup.
The Fortinet Web Filter Lookup playbook collection contains pluggable enrichment playbooks that are used to provide verdicts for indicator types URL and Domain. For more information, see the Pluggable Enrichment topic.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 7.4.0-3024
Authored By: Fortinet
Certified: Yes
The following enhancements have been made to the Fortinet Web Filter Lookup Connector in version 2.0.0:
To generate a token for Fortinet Web Filter Lookup, do the following:
Web Filter Rating Lookup
page, click the Access Token button.Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-fortinet-web-filter-lookup
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Fortinet Web Filter Lookup connector card. On the connector popup, click the Configurations tab to enter the required configuration details:
Parameter | Description |
---|---|
Server URL | The URL of the Fortinet Web Filter Lookup endpoint that will be used to consume the premium API for FortiGuard. By default, it is set to https://premiumapi.fortinet.com . For more information on Premium Services offered by FortiGuard, see the FortiGuard Lab's Premium Services page. |
Token | The API access token used to connect to the premium API for FortiGuard and perform automated operations. For information on generating an access token, see the Generating the Access Token topic. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Check Category of Domain or URL | Checks the categorization of the domain or URL you have specified and retrieves the category and information about the specified domain or URL from Fortinet Web Filter Lookup. | url_review Investigation |
Parameter | Description |
---|---|
Submit Domain/URL | Valid Domain or URL that you want to submit to Fortinet Web Filter Lookup for the review process and whose categorization and information you want to retrieve from Fortinet Web Filter Lookup. |
The output contains the following populated JSON schema:
{
"url": "",
"info": "",
"category": ""
}
The Sample - Fortinet Web Filter Lookup - 2.0.0
playbook collection comes bundled with the Fortinet Web Filter Lookup connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet Web Filter Lookup connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
The Sample - Fortinet Web Filter Lookup - 2.0.0
playbook collection contains pluggable enrichment playbooks that are used to provide verdicts for indicator types URL and Domain. The pluggable enrichment playbooks are in the format: '<indicator type>
> Fortinet Web Filter Lookup > Enrichment'. For example, 'URL > Fortinet Web Filter Lookup > Enrichment'.
Based on the Fortinet Web Filter Lookup integration API response following variables are returned:
Variable Name | Description | Return Value |
---|---|---|
cti_name |
The name of the connector is called the CTI (Cyber Threat Intelligence) name | FortinetWebFilterLookup |
source_data |
The source_data response returned by the integration API. | A JSON response object containing the source data of the threat intelligence integration. |
enrichment_summary |
The contents that are added, in the HTML format, in the 'Description' field of the specified FortiSOAR indicator record. |
The following values are returned in the HTML format:
The following image displays a sample of the populated 'Description' field in a FortiSOAR indicator record: |