EMS Connector

The EMS connector on FortiAnalyzer allows automation playbooks to reach out to endpoints and collect information or take containment actions.

To configure an EMS connector for use in FortiSoC playbooks:
  1. Configure a FortiClient EMS 6.4.0 server which supports the FortiAnalyzer EMS connector feature.
  2. Register FortiClient to the EMS server. In the example below, two FortiClients have been registered.
  3. In FortiClient EMS System Settings, configure FortiClient EMS to send logs to FortiAnalyzer.
  4. In FortiAnalyzer, register the EMS device to a Fabric ADOM.
  5. In the Fabric ADOM, go to Fabric View > Fabric Connectors. Click Create New, and select FortiClient EMS.
    Configure the EMS connector, and click OK.
  6. Go to FortiSoC > Automation > Connectors. Here you can view the actions FortiAnalyzer can take on endpoints using the EMS connector.

Playbook EMS connector examples

Below are two examples of how the FortiClient EMS connector enables actions in FortiSoC playbooks:

To create a playbook from a template:
  1. Go to FortiSoC > Automation > Playbook, and click Create New.
  2. From the list of templates, select Playbook EMS Run_Vulnerability_Scan.
    This template will run a vulnerability scan on an endpoint. Save the playbook.
  3. From the Playbook menu, run the playbook.
    A prompt appears to select the endpoint on which to perform the vulnerability scan.
  4. Go to FortiSoC > Automation > Playbook Monitor to view the running status of the playbook job.

To create a playbook from scratch:
  1. Go to FortiSoC > Automation > Playbook, and click Create New.
    From the list of templates, select New Playbook created from scratch.
  2. Configure the playbook:
    1. Select the On Demand trigger.
    2. Add a task with the EMS connector Get Endpoints action.
    3. Add a task with the Local connector Update Asset and Identity action.
  3. Click Save Playbook.
  4. Run the playbook, and go to Fabric View > Assets to view the collected endpoint information.