Fortinet black logo

Administration Guide

Creating or editing Security Fabric connectors

Creating or editing Security Fabric connectors

You can create a Security Fabric connector on FortiAnalyzer for FortiClient EMS, FortiMail, and FortiCASB. Once configured, Security Fabric connectors enrich incident response related actions available in FortiSoC.

To create a Security Fabric connector:
  1. Go to Fabric View > Fabric > Connectors, and click Create New.

    The Create New Fabric Connector dialog is displayed.

  2. Under Security Fabric, click FortiClient EMS, FortiMail, or FortiCASB.
  3. In the Configuration tab, configure the following options for:

    FortiClient EMS

    Property

    Description

    Type

    Select FortiClient EMS or FortiClient EMS Cloud.

    NameType a name for the Security Fabric connector.
    Description(Optional) Type a description for the Security Fabric connector.

    FortiClient EMS

    IP/FQDN

    Type the IP address or FQDN for the Security Fabric device.

    Username

    Type the username for the Security Fabric device.

    Password

    Type the password for the Security Fabric device.

    FortiClient EMS Cloud

    Account ID

    Super users can type the account ID of the FortiClient EMS Cloud instance.

    For non-super users, the field is automatically populated with the default account ID. The FortiAnalyzer device must be registered with FortiCloud to create and update the connector as a non-super user.

    The FortiClient EMS must be v7.0 or later. After the FortiClient EMS Cloud connector is created, the connector's health-check sends an authentication request with SNI (the account ID) to the EMS instance. The authentication request from the FortiAnalyzer device must be approved in EMS: Administration > Fabric Devices. For more information, see FortiClient on the Fortinet Docs Library.

    Status

    Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.

    FortiMail

    Property

    Description

    NameType a name for the Security Fabric connector.
    Description(Optional) Type a description for the Security Fabric connector.
    IP/FQDN

    Type the IP address or FQDN for the Security Fabric device.

    Username

    Type the username for the Security Fabric device.

    Password

    Type the password for the Security Fabric device.

    StatusToggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.

    FortiCASB

    Property

    Description

    NameType a name for the Security Fabric connector.
    Description(Optional) Type a description for the Security Fabric connector.
    IP/FQDN

    Type the IP address or FQDN for the Security Fabric device.

    Use the FortiCASB FQDN for your chosen server location. The server location is selected when creating your FortiCASB account. Use forticasb.com for global servers or eu.forticasb.com for EU based servers.

    Account ID

    Enter the credentials token used for authentication.

    To create a FortiCASB credentials token, log in to FortiCASB with your account, go to Home > Manage Company > API Setting, and click Generate New. For more information, see FortiCASB on the Fortinet Docs Library.

    StatusToggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.
  4. Click the Actions tab to view the actions available with the Security Fabric connector, then click OK.

After the Security Fabric connector is created, playbooks configured in FortiSoC can use the connector to execute automated actions. For a list of connector actions available in FortiSoC playbooks, see Connectors.

Default playbooks are automatically created when configuring some Security Fabric connectors. For more information on playbooks in FortiSoC, see Playbooks.

To edit a Security Fabric connector:
  1. Go to Fabric View > Fabric > Connectors.
  2. Right-click a Security Fabric connector, and select Edit.

    The Edit Connectors dialog is displayed.

  3. Edit the settings, and click OK.

Creating or editing Security Fabric connectors

You can create a Security Fabric connector on FortiAnalyzer for FortiClient EMS, FortiMail, and FortiCASB. Once configured, Security Fabric connectors enrich incident response related actions available in FortiSoC.

To create a Security Fabric connector:
  1. Go to Fabric View > Fabric > Connectors, and click Create New.

    The Create New Fabric Connector dialog is displayed.

  2. Under Security Fabric, click FortiClient EMS, FortiMail, or FortiCASB.
  3. In the Configuration tab, configure the following options for:

    FortiClient EMS

    Property

    Description

    Type

    Select FortiClient EMS or FortiClient EMS Cloud.

    NameType a name for the Security Fabric connector.
    Description(Optional) Type a description for the Security Fabric connector.

    FortiClient EMS

    IP/FQDN

    Type the IP address or FQDN for the Security Fabric device.

    Username

    Type the username for the Security Fabric device.

    Password

    Type the password for the Security Fabric device.

    FortiClient EMS Cloud

    Account ID

    Super users can type the account ID of the FortiClient EMS Cloud instance.

    For non-super users, the field is automatically populated with the default account ID. The FortiAnalyzer device must be registered with FortiCloud to create and update the connector as a non-super user.

    The FortiClient EMS must be v7.0 or later. After the FortiClient EMS Cloud connector is created, the connector's health-check sends an authentication request with SNI (the account ID) to the EMS instance. The authentication request from the FortiAnalyzer device must be approved in EMS: Administration > Fabric Devices. For more information, see FortiClient on the Fortinet Docs Library.

    Status

    Toggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.

    FortiMail

    Property

    Description

    NameType a name for the Security Fabric connector.
    Description(Optional) Type a description for the Security Fabric connector.
    IP/FQDN

    Type the IP address or FQDN for the Security Fabric device.

    Username

    Type the username for the Security Fabric device.

    Password

    Type the password for the Security Fabric device.

    StatusToggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.

    FortiCASB

    Property

    Description

    NameType a name for the Security Fabric connector.
    Description(Optional) Type a description for the Security Fabric connector.
    IP/FQDN

    Type the IP address or FQDN for the Security Fabric device.

    Use the FortiCASB FQDN for your chosen server location. The server location is selected when creating your FortiCASB account. Use forticasb.com for global servers or eu.forticasb.com for EU based servers.

    Account ID

    Enter the credentials token used for authentication.

    To create a FortiCASB credentials token, log in to FortiCASB with your account, go to Home > Manage Company > API Setting, and click Generate New. For more information, see FortiCASB on the Fortinet Docs Library.

    StatusToggle On to enable the Security Fabric connector. Toggle Off to disable the Security Fabric connector.
  4. Click the Actions tab to view the actions available with the Security Fabric connector, then click OK.

After the Security Fabric connector is created, playbooks configured in FortiSoC can use the connector to execute automated actions. For a list of connector actions available in FortiSoC playbooks, see Connectors.

Default playbooks are automatically created when configuring some Security Fabric connectors. For more information on playbooks in FortiSoC, see Playbooks.

To edit a Security Fabric connector:
  1. Go to Fabric View > Fabric > Connectors.
  2. Right-click a Security Fabric connector, and select Edit.

    The Edit Connectors dialog is displayed.

  3. Edit the settings, and click OK.