Fortinet black logo

Deployment Guide

Home FortiSOAR Cloud 7.5.0 Deployment Guide
7.5.0
7.5.0
7.4.3
7.4.2
7.4.1
7.4.0
7.3.1
7.3.0
7.2.1
7.2.0
7.0.2
7.0.1
7.0.0

Beginning with FortiSOAR Cloud

Beginning with FortiSOAR Cloud

Logging into FortiSOAR Cloud for the first time

To access the FortiSOAR Cloud console, click WebSSH on the FortiCloud portal. If you are logging into the console for the first time, then you must enter the default SSH credentials, which are csadmin/<your account_id>. You will be asked to change the default SSH passwords after successfully logging into the console:
SSH Change Password screen

Once you update the default password, you will be logged out and again asked to log in using the updated credentials. Once you log in, you will be presented with the EULA acceptance pages (2 pages):
EULA Acceptance page
Click Accept to accept the EULA. Once the EULA is accepted, you can start to use the FortiSOAR Cloud console. You can use the FortiSOAR Cloud console and perform various administrative tasks using the 'csadm' commands on the console:
FortiSOAR Console

To access the ForiSOAR UI, click Enter on the FortiCloud portal. On the FortiSOAR UI, you will be asked to accept the EULA if it is not already accepted. Once you accept the EULA, you will be logged into the FortiSOAR UI. The role that you have been assigned, i.e., a 'Full Access' user or a 'Limited Access' user, determines the actions you can perform in FortiSOAR. For information on FortiSOAR features and how to use and configure them, see the FortiSOAR Documentation Library.

By default, the SOAR Framework Solution Pack is installed with fresh installations of FortiSOAR Cloud.The SOAR Framework Solution Pack (SP) is the Foundational Solution Pack that creates the framework, including modules, dashboards, roles, widgets, etc., required for effective day-to-day operations of any SOC. Also, the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms, are not part of the FortiSOAR Cloud platform, making it essential to optimally use and experience FortiSOAR Cloud’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.

You can access FortiSOAR Cloud in the following ways:

  • Using fortisoar.fortinet.com - This displays the FortiSOAR Cloud portal's landing page:
    FSR Cloud Landing Page
    Click Log in to display your FortiSOAR Cloud account page:
    User Account Page
    IMPORTANT: The Snapshot, Revert, or Reboot processes should only be initiated by one user at a time. If multiple users attempt to start these processes simultaneously, it may result in unsolvable issues. For example, f there are two users logged in to fortisoar.forticloud.com – one as a SUB user and the other as the Primary user – and the Primary user initiates a snapshot while the SUB user simultaneously attempts to reboot, errors may occur on fortisoar.forticloud.com.
    Click Enter to access the FortiSOAR Cloud UI.
  • Using support.fortinet.com - This directly displays the FortiSOAR Cloud UI if the FortiSOAR Cloud instance is provisioned with a valid license.

Secure Message Exchange

The FortiSOAR Cloud instance contains an embedded FortiSOAR Secure Message Exchange (SME). A secure message exchange establishes a secure channel that is used to relay information to external agents or dedicated tenant nodes. The address of the embedded SME is set as the Cloud portal address, and the SME runs on port 5671.

Cloud App Menu

FortiSOAR displays a Cloud App Menu for users logging in through the Cloud portal. The Cloud App Menu is displayed in the FortiSOAR top bar and can be used to access other cloud applications such as FortiEDR, FortiAnalyzer Cloud, etc.:
Cloud App Menu

Whenever you click on another cloud app, such as FortiAnalyzer Cloud, you will be redirected to the cloud portal of that app, and you will be logged out of FortiSOAR and the FortiSOAR Cloud Portal. Clicking the Logout button also logs you out of both FortiSOAR and FortiSOAR Cloud Portal.

Settings

The 'Settings' icon in the top bar allows administrators to customize FortiSOAR Cloud and configure default options used throughout the system. For more information, see the "Administration Guide" that is part of the FortiSOAR Documentation. Starting with release 7.5.0, FortiSOAR supports internationalization via a system widget named "Language Pack" that includes the supported languages. This widget is automatically installed during the installation or upgrade of FortiSOAR Cloud to release 7.5.0 or later.

Caution

Do not uninstall or modify the "Language Pack" widget, as it is a system widget. Altering it could cause translation issues and could result in the FortiSOAR UI being displayed in English. English serves as the fallback language for FortiSOAR. If any content is not translated into the selected language, it will be shown in English.

Administrators must be assigned the 'Read' or 'Usage' permission on 'Widgets' (in addition to other necessary permissions) to modify the global language settings. Without this permission, the FortiSOAR UI remains in English, regardless of the language you set. Administrators can set the language for FortiSOAR from the supported options: English, Japanese (Preview), Korean (Preview), and Simplified Chinese (Preview). This language setting will apply to all users; however, users can set their language preference in their user profile, and the user's preference will take precedence over the administrator's setting.

User Preferences

The 'user profile' icon in the top bar allows users without access to the 'Security' module to edit their profile. You can customize your profile to set the email notification options, theme, and language for your FortiSOAR instance:
User Preferences Dialog
To edit your user preferences, click the User Profile icon to display the User Profile dialog. On the User Profile dialog, you can set the following preferences:

  • In the Notifications section, set your notifications preference:
    • Select Enable System notifications on email to receive system notifications on your email account.
    • Select Enable email notifications for @mentions in comments to receive notifications for @ mentions in comments.
  • In the Themes Settings section, select the FortiSOAR theme you want to use; you can choose between Dark, Light, and Space, with Space being the default.
    Click Preview Theme to see the UI in the selected theme. To go back to the original theme, after previewing the theme, click Revert Theme.
  • In the Language Settings section, set your language preference from the supported options: English, Japanese (Preview), Korean (Preview), and Simplified Chinese (Preview). Starting with release 7.5.0, FortiSOAR supports internationalization via a system widget named "Language Pack" that includes the supported languages.
    NOTE: To customize the language for your FortiSOAR instance, you must be assigned the 'Read' or 'Usage' permission on 'Widgets'. Without this permission, the UI of your FortiSOAR instance will remain in English, regardless of the language you set in your profile.
    Your preferred language will take precedence over the administrator's setting. For example, if the administrator has set the language to 'Korean', but you prefer 'Japanese', you can select Japanese in your profile, and the UI of your instance will be displayed in Japanese.
    To set your language preference, from the Select a Language drop-down list select your preferred language.

Once you have completed updating your profile, click Save on the User Profile dialog.

List of logs that can be used for debugging FortiSOAR Cloud

Administrators can use various logs that FortiSOAR generates to troubleshoot FortiSOAR Cloud issues:

Log Name Purpose
/var/log/cyops/install/config-vm-<time-stamp-here>.log Used for troubleshooting issues that occur while configuring the VM.
/var/log/cyops/fcloud/ Used for troubleshooting issues related to other cloud-related apps.

/var/log/cyops/csadm/secure-message-exchange.log

Used for troubleshooting issues related to the secure message exchange.
Previous
Next

Beginning with FortiSOAR Cloud

Logging into FortiSOAR Cloud for the first time

To access the FortiSOAR Cloud console, click WebSSH on the FortiCloud portal. If you are logging into the console for the first time, then you must enter the default SSH credentials, which are csadmin/<your account_id>. You will be asked to change the default SSH passwords after successfully logging into the console:
SSH Change Password screen

Once you update the default password, you will be logged out and again asked to log in using the updated credentials. Once you log in, you will be presented with the EULA acceptance pages (2 pages):
EULA Acceptance page
Click Accept to accept the EULA. Once the EULA is accepted, you can start to use the FortiSOAR Cloud console. You can use the FortiSOAR Cloud console and perform various administrative tasks using the 'csadm' commands on the console:
FortiSOAR Console

To access the ForiSOAR UI, click Enter on the FortiCloud portal. On the FortiSOAR UI, you will be asked to accept the EULA if it is not already accepted. Once you accept the EULA, you will be logged into the FortiSOAR UI. The role that you have been assigned, i.e., a 'Full Access' user or a 'Limited Access' user, determines the actions you can perform in FortiSOAR. For information on FortiSOAR features and how to use and configure them, see the FortiSOAR Documentation Library.

By default, the SOAR Framework Solution Pack is installed with fresh installations of FortiSOAR Cloud.The SOAR Framework Solution Pack (SP) is the Foundational Solution Pack that creates the framework, including modules, dashboards, roles, widgets, etc., required for effective day-to-day operations of any SOC. Also, the Incident Response modules, i.e., Alerts, Incidents, Indicators, and War Rooms, are not part of the FortiSOAR Cloud platform, making it essential to optimally use and experience FortiSOAR Cloud’s incident response. For detailed information about the SOAR Framework SP, see the SOAR Framework SP documentation.

You can access FortiSOAR Cloud in the following ways:

  • Using fortisoar.fortinet.com - This displays the FortiSOAR Cloud portal's landing page:
    FSR Cloud Landing Page
    Click Log in to display your FortiSOAR Cloud account page:
    User Account Page
    IMPORTANT: The Snapshot, Revert, or Reboot processes should only be initiated by one user at a time. If multiple users attempt to start these processes simultaneously, it may result in unsolvable issues. For example, f there are two users logged in to fortisoar.forticloud.com – one as a SUB user and the other as the Primary user – and the Primary user initiates a snapshot while the SUB user simultaneously attempts to reboot, errors may occur on fortisoar.forticloud.com.
    Click Enter to access the FortiSOAR Cloud UI.
  • Using support.fortinet.com - This directly displays the FortiSOAR Cloud UI if the FortiSOAR Cloud instance is provisioned with a valid license.

Secure Message Exchange

The FortiSOAR Cloud instance contains an embedded FortiSOAR Secure Message Exchange (SME). A secure message exchange establishes a secure channel that is used to relay information to external agents or dedicated tenant nodes. The address of the embedded SME is set as the Cloud portal address, and the SME runs on port 5671.

Cloud App Menu

FortiSOAR displays a Cloud App Menu for users logging in through the Cloud portal. The Cloud App Menu is displayed in the FortiSOAR top bar and can be used to access other cloud applications such as FortiEDR, FortiAnalyzer Cloud, etc.:
Cloud App Menu

Whenever you click on another cloud app, such as FortiAnalyzer Cloud, you will be redirected to the cloud portal of that app, and you will be logged out of FortiSOAR and the FortiSOAR Cloud Portal. Clicking the Logout button also logs you out of both FortiSOAR and FortiSOAR Cloud Portal.

Settings

The 'Settings' icon in the top bar allows administrators to customize FortiSOAR Cloud and configure default options used throughout the system. For more information, see the "Administration Guide" that is part of the FortiSOAR Documentation. Starting with release 7.5.0, FortiSOAR supports internationalization via a system widget named "Language Pack" that includes the supported languages. This widget is automatically installed during the installation or upgrade of FortiSOAR Cloud to release 7.5.0 or later.

Caution

Do not uninstall or modify the "Language Pack" widget, as it is a system widget. Altering it could cause translation issues and could result in the FortiSOAR UI being displayed in English. English serves as the fallback language for FortiSOAR. If any content is not translated into the selected language, it will be shown in English.

Administrators must be assigned the 'Read' or 'Usage' permission on 'Widgets' (in addition to other necessary permissions) to modify the global language settings. Without this permission, the FortiSOAR UI remains in English, regardless of the language you set. Administrators can set the language for FortiSOAR from the supported options: English, Japanese (Preview), Korean (Preview), and Simplified Chinese (Preview). This language setting will apply to all users; however, users can set their language preference in their user profile, and the user's preference will take precedence over the administrator's setting.

User Preferences

The 'user profile' icon in the top bar allows users without access to the 'Security' module to edit their profile. You can customize your profile to set the email notification options, theme, and language for your FortiSOAR instance:
User Preferences Dialog
To edit your user preferences, click the User Profile icon to display the User Profile dialog. On the User Profile dialog, you can set the following preferences:

  • In the Notifications section, set your notifications preference:
    • Select Enable System notifications on email to receive system notifications on your email account.
    • Select Enable email notifications for @mentions in comments to receive notifications for @ mentions in comments.
  • In the Themes Settings section, select the FortiSOAR theme you want to use; you can choose between Dark, Light, and Space, with Space being the default.
    Click Preview Theme to see the UI in the selected theme. To go back to the original theme, after previewing the theme, click Revert Theme.
  • In the Language Settings section, set your language preference from the supported options: English, Japanese (Preview), Korean (Preview), and Simplified Chinese (Preview). Starting with release 7.5.0, FortiSOAR supports internationalization via a system widget named "Language Pack" that includes the supported languages.
    NOTE: To customize the language for your FortiSOAR instance, you must be assigned the 'Read' or 'Usage' permission on 'Widgets'. Without this permission, the UI of your FortiSOAR instance will remain in English, regardless of the language you set in your profile.
    Your preferred language will take precedence over the administrator's setting. For example, if the administrator has set the language to 'Korean', but you prefer 'Japanese', you can select Japanese in your profile, and the UI of your instance will be displayed in Japanese.
    To set your language preference, from the Select a Language drop-down list select your preferred language.

Once you have completed updating your profile, click Save on the User Profile dialog.

List of logs that can be used for debugging FortiSOAR Cloud

Administrators can use various logs that FortiSOAR generates to troubleshoot FortiSOAR Cloud issues:

Log Name Purpose
/var/log/cyops/install/config-vm-<time-stamp-here>.log Used for troubleshooting issues that occur while configuring the VM.
/var/log/cyops/fcloud/ Used for troubleshooting issues related to other cloud-related apps.

/var/log/cyops/csadm/secure-message-exchange.log

Used for troubleshooting issues related to the secure message exchange.
Previous
Next