FortiManager

Integration version: 7.0

Configure FortiManager integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameters Type Default Value Is Mandatory Description
API Root String https://x.x.x.x:port Yes API root of the FortiManager instance.
Username String N/A Yes Username of the FortiManager account.
Password Password N/A Yes Password of the FortiManager account.
Verify SSL Checkbox Unchecked No If enabled, the integration verifies that the SSL certificate for the connection to the FortiManager is valid.
Workflow Mode Checkbox Unchecked No If enabled, the integration uses workflow sessions to execute API requests. This parameter is mandatory if FortiManager is configured in the workflow mode.

Actions

Add IP to Group

Description

Create a firewall address object and add it to a suitable address group.

Parameters

Parameters Type Default Value Description
ADOM Name String N/A The name of the ADOM. Default: root.
Address Group Name String N/A The name of the address group to add to address object to.

Use cases

N/A

Run On

This action runs on the IP Address entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Add URL to URL Filter

Description

Add a new block record to a URL filter by its name.

Parameters

Parameter Type Default Value Description
ADOM Name String N/A The name of the ADOM. Default: root.
URL Filter Name String N/A The name of the URL filter to add record to.

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Execute Script

Description

Execute an existing script. It can be executed on a device group, and on a single device if the VDOM is provided.

Parameters

Parameter Type Default Value Description
ADOM Name String N/A The name of the ADOM. Default: root.
Policy Package Name String N/A The full name of the package, including package name and any parent folders.
Script Name String N/A The name of the script to execute.
Device Name String N/A The name of the device to execute the script on.
VDOM String N/A The virtual domain of the device.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
task_id N/A N/A
JSON Result
N/A

Get Task Information

Description

Get task information by the ID.

Parameters

Parameter Type Default Value Description
Task ID String N/A The ID of the task to get information about.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Ping

Description

Test integration connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Remove IP From Group

Description

Remove a firewall address object from a suitable address group and delete the firewall address object.

Parameters

Parameter Type Default Value Description
ADOM Name String N/A The name of the ADOM. Default: root.
Address Group Name String N/A The name of the address group to remove the address from.

Use cases

N/A

Run On

This action runs on the IP Address entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Remove URL From URL Filter

Description

Remove a block record from a URL filter by its name.

Parameters

Parameter Type Default Value Description
ADOM Name String N/A The name of the ADOM. Default: root.
URL Filter Name String N/A The name of the URL filter to remove the record from.

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A