Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

FortiGuard connector 6.4.3

The FortiGuard connector on FortiAnalyzer allows SOC playbooks to look up indicators and get threat intelligence information.

To use the FortiGuard connector:
  1. Go to FortiSoC > Automation > Connectors to view the FortiGuard connector.
    The FortiGuard connector is automatically installed with default actions. The FortiGuard connector is connected and ready for use when the status icon is green.
  2. Go to FortiSoc > Automation > Playbook, and create a new playbook.
  3. Create a task to perform a FortiGuard indicator lookup. Select the FortiGuard Connector type and the Lookup Indicator action. You can choose the indicator type based on your requirements (e.g. IP/URL/Domain).
  4. Create another task to attach data to an incident. Select the Local Connector type and Attach Data to Incident action. Enter an Incident ID and then save the playbook.
  5. Manually run the playbook. You will see a prompt to input the value of an indicator according to the configured indicator type.
  6. Go to FortiSoc > Automation > Playbook Monitor to confirm that the playbook has run successfully. Once complete, go to FortiSoC > Incidents to view the incident you configured in the playbook. The FortiSoC indicators are attached to the incident in the Indicators tab.
    Click Detail to drilldown for additional information about the indicator.

FortiGuard connector 6.4.3

The FortiGuard connector on FortiAnalyzer allows SOC playbooks to look up indicators and get threat intelligence information.

To use the FortiGuard connector:
  1. Go to FortiSoC > Automation > Connectors to view the FortiGuard connector.
    The FortiGuard connector is automatically installed with default actions. The FortiGuard connector is connected and ready for use when the status icon is green.
  2. Go to FortiSoc > Automation > Playbook, and create a new playbook.
  3. Create a task to perform a FortiGuard indicator lookup. Select the FortiGuard Connector type and the Lookup Indicator action. You can choose the indicator type based on your requirements (e.g. IP/URL/Domain).
  4. Create another task to attach data to an incident. Select the Local Connector type and Attach Data to Incident action. Enter an Incident ID and then save the playbook.
  5. Manually run the playbook. You will see a prompt to input the value of an indicator according to the configured indicator type.
  6. Go to FortiSoc > Automation > Playbook Monitor to confirm that the playbook has run successfully. Once complete, go to FortiSoC > Incidents to view the incident you configured in the playbook. The FortiSoC indicators are attached to the incident in the Indicators tab.
    Click Detail to drilldown for additional information about the indicator.