Fortinet black logo

Deployment Guide

Home FortiSOAR Cloud 7.4.2 Deployment Guide
7.4.2
7.5.0
7.4.3
7.4.2
7.4.1
7.4.0
7.3.1
7.3.0
7.2.1
7.2.0
7.0.2
7.0.1
7.0.0

Beginning with FortiSOAR Cloud

Beginning with FortiSOAR Cloud

Logging into FortiSOAR Cloud for the first time

To access the FortiSOAR Cloud console, click WebSSH on the FortiCloud portal. If you are logging into the console for the first time, then you must enter the default SSH credentials, which are csadmin/<your account_id>. You will be asked to change the default SSH passwords after successfully logging into the console:
SSH Change Password screen

Once you update the default password, you will be logged out and again asked to log in using the updated credentials. Once you log in, you will be presented with the EULA acceptance pages (2 pages):
EULA Acceptance page
Click Accept to accept the EULA. Once the EULA is accepted, you can start to use the FortiSOAR Cloud console:
FortiSOAR Console

To access the ForiSOAR UI, click Enter on the FortiCloud portal. On the FortiSOAR UI, you will be asked to accept the EULA if it is not already accepted. Once you accept the EULA, you will be logged into the FortiSOAR UI. The role that you have been assigned, i.e., a 'Full Access' user or a 'Limited Access' user, determines the actions you can perform in FortiSOAR. For information on FortiSOAR features and how to use and configure them, see the FortiSOAR Documentation Library.

By default, the SOAR Framework Solution Pack is installed with fresh installations of FortiSOAR Cloud .The SOAR Framework Solution Pack (SP) is the Foundational Solution Pack that creates the framework, including modules, dashboards, roles, widgets, etc., required for effective day-to-day operations of any SOC. Also, the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms, are not part of the FortiSOAR Cloud platform, making it essential for users to install the SOAR Framework SP to optimally use and experience FortiSOAR Cloud’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.

You can access FortiSOAR Cloud in the following ways:

  • Using fortisoar.fortinet.com - This displays the FortiSOAR Cloud portal's landing page:
    FSR Cloud Landing Page
    Click Log in to display your FortiSOAR Cloud account page:
    User Account Page
    Click Enter to access the FortiSOAR Cloud UI.
  • Using support.fortinet.com - This directly displays the FortiSOAR Cloud UI if the FortiSOAR Cloud instance is provisioned with a valid license.

Secure Message Exchange

The FortiSOAR Cloud instance contains an embedded FortiSOAR Secure Message Exchange (SME). A secure message exchange establishes a secure channel that is used to relay information to external agents or dedicated tenant nodes. The address of the embedded SME is set as the Cloud portal address, and the SME runs on port 5671.

Cloud App Menu

FortiSOAR displays a Cloud App Menu for users logging in through the Cloud portal. The Cloud App Menu is displayed in the FortiSOAR top bar and can be used to access other cloud applications such as FortiEDR, FortiAnalyzer Cloud, etc.:
Cloud App Menu

Whenever you click on another cloud app, such as FortiAnalyzer Cloud, you will be redirected to the cloud portal of that app, and you will be logged out of FortiSOAR and the FortiSOAR Cloud Portal. Clicking the Logout button also logs you out of both FortiSOAR and FortiSOAR Cloud Portal.

The 'user profile' icon in the top bar can be used by users who do not have access to the 'Security' module to edit their profile to set the email notification options and the theme for their FortiSOAR instance:
User Preferences Dialog
To edit your user preferences, click the User Profile icon to display the User Profile dialog. On the User Profile dialog, in the Notifications section, select whether you want to get notified on your email account for system notifications and @mentions in the comments. In the Themes Settings section, select the FortiSOAR theme you want to use; you can choose between Dark, Light, and Space, with Space being the default. Once you have completed updating your profile, click Save on the User Profile dialog.

List of logs that can be used for debugging FortiSOAR Cloud

Administrators can use various logs that FortiSOAR generates to troubleshoot FortiSOAR Cloud issues:

Log Name Purpose
/var/log/cyops/install/config-vm-<time-stamp-here>.log Used for troubleshooting issues that occur while configuring the VM.
/var/log/cyops/fcloud/ Used for troubleshooting issues related to other cloud-related apps.

/var/log/cyops/csadm/secure-message-exchange.log

Used for troubleshooting issues related to the secure message exchange.
Previous
Next

Beginning with FortiSOAR Cloud

Logging into FortiSOAR Cloud for the first time

To access the FortiSOAR Cloud console, click WebSSH on the FortiCloud portal. If you are logging into the console for the first time, then you must enter the default SSH credentials, which are csadmin/<your account_id>. You will be asked to change the default SSH passwords after successfully logging into the console:
SSH Change Password screen

Once you update the default password, you will be logged out and again asked to log in using the updated credentials. Once you log in, you will be presented with the EULA acceptance pages (2 pages):
EULA Acceptance page
Click Accept to accept the EULA. Once the EULA is accepted, you can start to use the FortiSOAR Cloud console:
FortiSOAR Console

To access the ForiSOAR UI, click Enter on the FortiCloud portal. On the FortiSOAR UI, you will be asked to accept the EULA if it is not already accepted. Once you accept the EULA, you will be logged into the FortiSOAR UI. The role that you have been assigned, i.e., a 'Full Access' user or a 'Limited Access' user, determines the actions you can perform in FortiSOAR. For information on FortiSOAR features and how to use and configure them, see the FortiSOAR Documentation Library.

By default, the SOAR Framework Solution Pack is installed with fresh installations of FortiSOAR Cloud .The SOAR Framework Solution Pack (SP) is the Foundational Solution Pack that creates the framework, including modules, dashboards, roles, widgets, etc., required for effective day-to-day operations of any SOC. Also, the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms, are not part of the FortiSOAR Cloud platform, making it essential for users to install the SOAR Framework SP to optimally use and experience FortiSOAR Cloud’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.

You can access FortiSOAR Cloud in the following ways:

  • Using fortisoar.fortinet.com - This displays the FortiSOAR Cloud portal's landing page:
    FSR Cloud Landing Page
    Click Log in to display your FortiSOAR Cloud account page:
    User Account Page
    Click Enter to access the FortiSOAR Cloud UI.
  • Using support.fortinet.com - This directly displays the FortiSOAR Cloud UI if the FortiSOAR Cloud instance is provisioned with a valid license.

Secure Message Exchange

The FortiSOAR Cloud instance contains an embedded FortiSOAR Secure Message Exchange (SME). A secure message exchange establishes a secure channel that is used to relay information to external agents or dedicated tenant nodes. The address of the embedded SME is set as the Cloud portal address, and the SME runs on port 5671.

Cloud App Menu

FortiSOAR displays a Cloud App Menu for users logging in through the Cloud portal. The Cloud App Menu is displayed in the FortiSOAR top bar and can be used to access other cloud applications such as FortiEDR, FortiAnalyzer Cloud, etc.:
Cloud App Menu

Whenever you click on another cloud app, such as FortiAnalyzer Cloud, you will be redirected to the cloud portal of that app, and you will be logged out of FortiSOAR and the FortiSOAR Cloud Portal. Clicking the Logout button also logs you out of both FortiSOAR and FortiSOAR Cloud Portal.

The 'user profile' icon in the top bar can be used by users who do not have access to the 'Security' module to edit their profile to set the email notification options and the theme for their FortiSOAR instance:
User Preferences Dialog
To edit your user preferences, click the User Profile icon to display the User Profile dialog. On the User Profile dialog, in the Notifications section, select whether you want to get notified on your email account for system notifications and @mentions in the comments. In the Themes Settings section, select the FortiSOAR theme you want to use; you can choose between Dark, Light, and Space, with Space being the default. Once you have completed updating your profile, click Save on the User Profile dialog.

List of logs that can be used for debugging FortiSOAR Cloud

Administrators can use various logs that FortiSOAR generates to troubleshoot FortiSOAR Cloud issues:

Log Name Purpose
/var/log/cyops/install/config-vm-<time-stamp-here>.log Used for troubleshooting issues that occur while configuring the VM.
/var/log/cyops/fcloud/ Used for troubleshooting issues related to other cloud-related apps.

/var/log/cyops/csadm/secure-message-exchange.log

Used for troubleshooting issues related to the secure message exchange.
Previous
Next