Integrate FortiManager with Google SecOps
This document explains how to integrate FortiManager with Google Security Operations (Google SecOps).
Integration version: 7.0
Integration parameters
The FortiManager integration requires the following parameters:
Parameter | Description |
---|---|
Verify SSL | Optional. If selected, the integration validates the SSL certificate when connecting to FortiManager. Selected by default. |
Workflow Mode | Optional. If selected, the integration uses workflow sessions to execute API requests if FortiManager is configured in workflow mode. Not selected by default. |
API Root | Required. The API root of the FortiManager instance, such as The default value is |
Username | Required. The username of the FortiManager account. |
Password | Required. The password of the FortiManager account. |
For instructions about how to configure an integration in Google SecOps, see Configure integrations.
You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances.
Actions
For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action.
Add IP to Group
Use the Add IP To Group action to create a firewall address object and add it to a suitable address group.
This action runs on the Google SecOps IP Address entity.
Action inputs
The Add IP To Group action requires the following parameters:
Parameter | Description |
---|---|
ADOM Name | Required. The administrative domain (ADOM) name to use. The default value is |
Address Group Name | Required. The name of the address group to which to add the address object. |
Action outputs
The Add IP To Group action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Script result | Available |
Script result
The following table lists the value for the script result output when using the Add IP To Group action:
Script result name | Value |
---|---|
is_success | True or False |
Add URL to URL Filter
Use the Add URL to URL Filter action to add a new block record to a URL filter.
This action runs on the Google SecOps URL entity.
Action inputs
The Add URL to URL Filter action requires the following parameters:
Parameter | Description |
---|---|
ADOM Name | Required. The ADOM name to use. The default value is |
Url Filter Name | Required. The name of the URL filter to which to add the URL. |
Action outputs
The Add URL to URL Filter action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Script result | Available |
Script result
The following table lists the value for the script result output when using the Add URL to URL Filter action:
Script result name | Value |
---|---|
is_success | True or False |
Execute Script
Use the Execute Script action to execute an existing script on a device group. To run this action on a single device, provide the virtual domain (VDOM).
This action runs on all Google SecOps entities.
Action inputs
The Execute Script action requires the following parameters:
Parameter | Description |
---|---|
ADOM Name | Required. The name of the ADOM in which to execute the script. |
Policy Package Name | Required. The full name of the policy package to execute the script, including the package name and any parent folders. |
Script Name | Required. The name of the script to execute in FortiManager. |
Device Name | Required. The name of the device on which to execute the script. |
VDOM | Optional. The VDOM of the device in which to execute the script. |
Action outputs
The Execute Script action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Script result | Available |
Script result
The following table lists the value for the script result output when using the Execute Script action:
Script result name | Value |
---|---|
task_id | TASK_ID |
Get Task Information
Use the Get Task Information action to obtain the task information using the task ID.
This action runs on all Google SecOps entities.
Action inputs
The Get Task Information action requires the following parameters:
Parameter | Description |
---|---|
Task ID | Required. The ID of the FortiManager task for which to retrieve information. |
Action outputs
The Get Task Information action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Script result | Available |
Script result
The following table lists the value for the script result output when using the Get Task Information action:
Script result name | Value |
---|---|
is_success | True or False |
Ping
Use the Ping action to test the connectivity to FortiManager.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
The Ping action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Script result | Available |
Script result
The following table lists the value for the script result output when using the Ping action:
Script result name | Value |
---|---|
is_success | True or False |
Remove IP From Group
Use the Remove IP From Group action to remove a firewall address object from an address group and delete the firewall address object.
This action runs on the Google SecOps IP Address entity.
Action inputs
The Remove IP From Group action requires the following parameters:
Parameter | Description |
---|---|
ADOM Name | Required. The name of the ADOM to run the action. The default value is |
Address Group Name | Required. The name of the address group from which to remove the address object. |
Action outputs
The Remove IP From Group action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Script result | Available |
Script result
The following table lists the value for the script result output when using the Remove IP From Group action:
Script result name | Value |
---|---|
is_success | True or False |
Remove URL From URL Filter
Use the Remove URL From URL Filter action to remove a block record from a URL filter.
This action runs on the Google SecOps URL entity.
Action inputs
The Remove URL From URL Filter action requires the following parameters:
Parameter | Description |
---|---|
ADOM Name | Required. The name of the ADOM to run the action. The default value is |
Url Filter Name | Required. The name of the URL filter from which to remove the URL. |
Action outputs
The Remove URL From URL Filter action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Script result | Available |
Script result
The following table lists the value for the script result output when using the Remove URL From URL Filter action:
Script result name | Value |
---|---|
is_success | True or False |