Google Cloud Platform Whitelist Feed v1.0.0


About the connector

Google Cloud Platform publishes its current IP address ranges in JSON format. This connector facilitates automated operations to fetch these indicators and ingest them as daily threat feeds. This connector has a dependency on the Threat Intel Management Solution Pack. Install the Solution Pack before enabling ingestion of threat feeds from this source.

This document provides information about the Google Cloud Platform Whitelist Feed Connector, which facilitates automated interactions with a Google Cloud Platform Whitelist Feed server using FortiSOAR™ playbooks. Add the Google Cloud Platform Whitelist Feed Connector as a step in FortiSOAR™ playbooks and perform automated operations with Google Cloud Platform Whitelist Feed.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 7.3.1-234

Google Cloud Platform Whitelist Feed Version Tested on: Google Cloud

Authored By: Fortinet

Certified: Yes

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-google-cloud-platform-whitelist-feed

Prerequisites to configuring the connector

  • You must have the URL of Google Cloud Platform Whitelist Feed server to connect and perform automated operations and credentials to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Google Cloud Platform Whitelist Feed server.

Minimum Permissions Required

  • Not Applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Google Cloud Platform Whitelist Feed connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter     Description
Server URL    The service-based URL to connect and perform the automated operations.
Verify SSL    Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function         Description                                                                 Annotation and Category
Get IP Ranges    Retrieves the IP ranges that Google publishes for users on the internet.    get_ip_ranges (Investigation)

operation: Get IP Ranges

Input parameters

Parameter    Description
File         Select the file source from which to fetch the data. Select any or all of the following options:
  • IP ranges that Google makes available to users on the internet
  • Global and regional external IP address ranges for customer's Google Cloud resources

Output

The output contains the following populated JSON schema:
{
    "syncToken": "",
    "creationTime": "",
    "prefixes": [
        {
            "ipv4Prefix": "",
            "service": "",
            "scope": ""
        },
        {
            "ipv6Prefix": "",
            "service": "",
            "scope": ""
        }
    ]
}
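
As an added example (not part of the connector or Fortinet's code), the Python below parses a document in the output shape shown above into an allowlist, rejects entries that should not be trusted, and looks up addresses against the result. The sample values, the `MIN_PREFIX_LEN` policy and the function names are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of the Get IP Ranges output. All values are
# made up (documentation address ranges), not real Google prefixes.
SAMPLE_OUTPUT = json.dumps({
    "syncToken": "1700000000000",
    "creationTime": "2023-11-14T22:13:20",
    "prefixes": [
        {"ipv4Prefix": "198.51.100.0/24", "service": "Google Cloud", "scope": "us-east1"},
        {"ipv6Prefix": "2001:db8:1000::/40", "service": "Google Cloud", "scope": "global"},
        {"ipv4Prefix": "0.0.0.0/0", "service": "Google Cloud", "scope": "global"},
        {"ipv4Prefix": "203.0.113.300/24", "service": "Google Cloud", "scope": "x"},
        {"service": "Google Cloud", "scope": "global"},
    ],
})

# Assumed policy: refuse prefixes shorter than these lengths, so a corrupted or
# tampered feed cannot allowlist most of the internet with a single entry.
MIN_PREFIX_LEN = {4: 8, 6: 16}


def load_allowlist(raw):
    """Return (networks, rejected) parsed from a Get IP Ranges JSON document."""
    networks, rejected = [], []
    for entry in json.loads(raw).get("prefixes", []):
        cidr = entry.get("ipv4Prefix") or entry.get("ipv6Prefix")
        if not isinstance(cidr, str):
            rejected.append((cidr, "missing"))
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            rejected.append((cidr, "malformed"))
            continue
        if net.prefixlen < MIN_PREFIX_LEN[net.version]:
            rejected.append((cidr, "too broad"))
            continue
        networks.append((net, entry.get("service", ""), entry.get("scope", "")))
    return networks, rejected


def match(address, networks):
    """Return (prefix, service, scope) of the most specific covering entry, or None."""
    ip = ipaddress.ip_address(address)
    hits = [n for n in networks if n[0].version == ip.version and ip in n[0]]
    return max(hits, key=lambda n: n[0].prefixlen, default=None)
```

A match only says the address falls inside a published Google range; customer-controlled Google Cloud resources sit in those ranges too, so treat a hit as context for an indicator rather than proof that the traffic is benign.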

Included playbooks

The Sample - Google Cloud Platform Whitelist Feed - 1.0.0 playbook collection comes bundled with the Google Cloud Platform Whitelist Feed connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Google Cloud Platform Whitelist Feed connector.

  • > GCP Whitelist Feed > Fetch and Create
  • GCP Whitelist Feed > Ingest
  • Get IP Ranges

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.

Data Ingestion Support

Use the Data Ingestion Wizard to easily ingest data into FortiSOAR™ by pulling data from Google Cloud Platform. For more information on the Data Ingestion Wizard, see the Connectors Guide in the FortiSOAR™ product documentation.

Configure Data Ingestion

You can configure data ingestion using the Data Ingestion Wizard to seamlessly map Google Cloud Platform content to related FortiSOAR™ modules.

  1. To begin configuring data ingestion, click Configure Data Ingestion on the Google Cloud Platform connector's Configurations page.
    Click Let's Start by fetching some data, to open the Fetch Sample Data screen.

    Sample data is required to create a field mapping between Google Cloud Platform data and FortiSOAR™. The sample data is pulled from connector actions or ingestion playbooks.
  2. On the Fetch Data screen, provide the configurations required to fetch Google Cloud Platform data.
    You can pull threat intel feeds from Google Cloud Platform Whitelist Feed and add custom confidence, reputation and TLP. The fetched data is used to create a mapping between the Google Cloud Platform data and FortiSOAR™ indicators.

    Once you have completed specifying the configurations, click Fetch Data.
  3. On the Field Mapping screen, map the fields of a Google Cloud Platform indicator to the fields of an indicator present in FortiSOAR™.

    For more information on field mapping, see the Data Ingestion chapter in the Connectors Guide in the FortiSOAR™ product documentation. Once you have completed mapping fields, click Save Mapping & Continue.

  4. (Optional) Use the Scheduling screen to configure schedule-based ingestion, i.e., specify the polling frequency to Google Cloud Platform, so that the content gets pulled from the Google Cloud Platform integration into FortiSOAR™.
    On the Scheduling screen, from the Do you want to schedule the ingestion? drop-down list, select Yes.
    In the Configure Schedule Settings section, specify the Cron expression for the schedule. For example, if you want to pull data from Google Cloud Platform every 5 minutes, click Every X Minute and in the minute box enter */5. This would mean that based on the configuration you have set up, data, i.e., indicators will be pulled from Google Cloud Platform every 5 minutes.

    Once you have completed scheduling, click Save Settings & Continue.

  5. The Summary screen displays a summary of the mapping done, and it also contains links to the Ingestion playbooks. Click Done to complete the data ingestion and exit the Data Ingestion Wizard.
