Integrate Method settings
FGT-REST-API
Compatible FortiGate version: 6.0.4 or later
FGT-WEBHOOK
Compatible FortiGate version: 6.4.0 or later
Block Action | Expiry | Default blocking time in seconds. Default is 3600 seconds. |
Block Action | URL | Enter the request API URI. |
Block Action | Authorization | Enter the API key. |
Unblock Action | Expiry | Default blocking time in seconds. Default is 3600 seconds. |
Unblock Action | URL | Enter the request API URI. |
Unblock Action | Authorization | Enter the API key. |
PAN-XMLAPI
Compatible PAN-device version: 10.0.0 or later
Device IP | IP address of the integrated device. |
Port | Port number of the integrated device API service. Default is 8443. |
Username | Username of the integrated device. |
Password | Password of the integrated device. |
Vsys | The virtual system that is configured on PAN. |
Policy Index | Select Top or Bottom. |
Expiry | Default blocking time in seconds. Default is 3600 seconds. |
GEN-WEBHOOK
Compatible FortiNAC version: 8.8 or later (Firmware: 8.8.2.1714)
Block Action | Expiry | Default blocking time in seconds. Default is 3600 seconds. |
Block Action | Http Method | Select GET, POST, PUT, or PATCH. |
Block Action | URL | Enter the request API URI. |
Block Action | Authorization | Enter the API key. |
Block Action | HTTP Header | |
Block Action | HTTP Data | Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time. |
Unblock Action | Http Method | Select GET, POST, PUT, or PATCH. |
Unblock Action | URL | Enter the request API URI. |
Unblock Action | Authorization | Enter the API key. |
Unblock Action | HTTP Header | Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time. |
Unblock Action | HTTP Data | Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time. |
FNAC-WEBHOOK
Compatible FortiNAC version: 8.8.2.1714 or later.
IP | IP address of the integrated device. |
Port | Port number of the integrated device API service. Default is 8443. |
Authorization Token | The FortiNAC-WEBHOOK authorization token generated by FNAC. |
Expiry | Default blocking time in seconds. Default is 3600 seconds. |
WMI-Disable
Domain | The device domain. |
Username | Username of the integrated device. |
Password | Password of the integrated device. |
FortiEDR-Isolation
Compatible FortiEDR version: 5.0.2.305 or later.
IP | IP address of the integrated device. |
Port | Port number of the integrated device API service. Default is 8443. |
Organization\Username | The FortiEDR organization and username. |
Password | Password of the integrated device. |
Expiry | Default blocking time in seconds. Default is 3600 seconds. |
Cisco-ISE
Compatible Cisco ISE version: 2.7 or later.
Server URL/IP | The Cisco server URL and IP address. |
Port | Port number of the integrated device API service. Default is 8443. |
Username | Username of the integrated device. |
Password | Password of the integrated device. |
Verify SSL | Enable to verify SSL. |
Expiry | Default blocking time in seconds. Default is 3600 seconds. |
Microsoft-ATP
Server URL | Service base URI to connect and perform the automated operations. For example, https://api.securitycenter.microsoft.com. |
Client ID | Client ID of the Azure application that is used to access Windows Defender ATP. |
Client Secret | Secret string that the application (used to access Windows Defender ATP) uses to prove its identity. |
Tenant ID | Tenant ID of the Azure application. |
Verify SSL | Enable to verify SSL. |
Expiry | Default blocking time in seconds. Default is 3600 seconds. |
CrowdStrike-Isolation
Server URL | CrowdStrike server URL. |
Client ID | Client ID of the CrowdStrike application that is used to access the CrowdStrike isolation service. |
Client Secret | Secret string of the CrowdStrike application that is used to access the CrowdStrike isolation service. |
Verify SSL | Enable to verify SSL. |
Expiry | Default blocking time in seconds. Default is 3600 seconds. |
FSM-Watch-List
IP | IP address of the integrated device. |
Port | Port number of the integrated device API service. Default is 8443. |
Username | Username of the integrated device. |
Password | Password of the integrated device. |
Organization | Type the organization name for the integrated device. |
Verify SSL | Enable to verify SSL. |
Watch-List Name | Type the Watch-List Name as defined in FortiSIEM. |
Lure Users-Manual Mode | Type the other lures you want to watch. |
Polling Time Interval | Default polling time in seconds. Default is 3600 seconds. |