This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.
About the Integration:
FortiSOAR 6.0 rolled out an enhanced integration with FortiAnalyzer (FAZ). FAZ users can leverage this integration to ingest FAZ incidents into FortiSOAR (FSR) and take the investigation ahead using FSR's extensive connector library (of nearly 300 OOB security tool integrations), role-based comprehensive case management and best-in-class automation framework, aka playbooks.
Use cases:
On ingesting incidents from FAZ, FortiSOAR investigation playbooks automatically extract incident artifacts like associated events, asset information, user information, and other details from the incident. These artifacts are then enriched either by using integration with Fortinet Security Fabric products like FortiSIEM, FortiAnalyzer, FortiSandbox, FortiGuard, and the likes, and/or using third party integrations like Virus Total, Anomali ThreatStream, URLVoid, AbuseIPDB, and many others. FortiSOAR helps in taking immediate or approval based remediation actions on the malicious IOCs, for example, blocking it on the Fortigate firewalls or adding it in the FortiSIEM or FortiEDR blacklists.
Current actions supported by the connector:
Create Incident |
Creates a new incident record in FortiAnalyzer based on the incident reporter, affected endpoint, and other input parameters you have specified. |
Fetch Incidents |
Fetches all incidents or specific incidents from FortiAnalyzer based on the input parameters specified. |
Update Incident |
Updates incident fields like severity, category, status, etc. corresponding to a specific incident in FortiAnalyzer based on the incident ID and other input parameters specified. |
Get Events For Incident |
Retrieves all events associated with a specified incident in FortiAnalyzer based on the incident ID you have specified. |
Get Reports |
Retrieves a list of all reports that have been generated or are in the pending state from FortiAnalyzer based on the time frame you have specified. |
List Schedules |
Retrieve a list of all schedules from FortiAnalyzer. |
Run Report |
Runs a report on the FortiAnalyzer based on the report ID and schedule ID you have specified. |
Get Generated Report |
Retrieves a specific generated report from FortiAnalyzer based on the report ID you have specified. |
Let's use this thread to discuss more use cases wrt this integration and suggestions to further enhance the FAZ integration.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.