FortiSOAR Ideas
kaashif_m
Status: New
Custom Connector Action for Kaspersky in FortiSOAR

Use Case:

While working with the default Kaspersky connector in FortiSOAR, we encountered a limitation—it lacked an action to retrieve device details based on an IP or hostname and it was not able to return the running status. To address this, we developed a custom action to achieve this functionality.

Steps to Implement:

  • Developed & Tested the Script Locally

    • We wrote and tested the code in FortiSOAR’s code snippet environment to ensure it retrieved device details correctly.
 

  • Updated the info.json File

    • A new operation was added to the connector’s info.json file to define the new action

  • Modified operations.py

    • A new function was created in operations.py to handle the action.
    • The previously tested script was incorporated into this function.

This enhancement allows users to query Kaspersky for device details using an IP or hostname, significantly improving investigative workflows within FortiSOAR.


How It Works

  • Accepts IP address or hostname as input
  • Queries Kaspersky API to fetch device details
  • Converts integer IPs into readable IPv4 format
  • Formats timestamps for better readability
  • Maps status codes for a human-friendly response

Connector Attached!

If you have a similar use case, feel free to integrate this into your FortiSOAR environment.

Would you like additional enhancements, such as better error handling or logging? Let me know!
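
The "How It Works" steps above, sketched as an added example; this is not the attached connector's code and not part of the original post. It goes slightly beyond the list by validating the IP or hostname before it would be placed in an API query. The record field names (`hostname`, `ip_long`, `last_visible`, `status`) and the status table are hypothetical, and the integer IP is assumed to be in network byte order.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed status table; replace with the codes your Kaspersky API documents.
STATUS_LABELS = {0: "Unknown", 1: "Running", 2: "Stopped"}
_LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}$){_LABEL}(\.{_LABEL})*")

def classify_query(value):
    """Return ("ip", canonical) or ("hostname", lowercase); reject anything else."""
    value = value.strip()
    try:
        return "ip", str(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        pass
    # Digits-and-dots strings that failed IP parsing are malformed IPs, not names.
    if _HOSTNAME_RE.fullmatch(value) and not value.replace(".", "").isdigit():
        return "hostname", value.lower()
    raise ValueError("input is neither an IPv4 address nor a valid hostname")

def int_to_ipv4(n):
    """Convert a 32-bit integer (signed or unsigned) to dotted-quad notation."""
    if not -2**31 <= n < 2**32:
        raise ValueError("not a 32-bit value")
    return str(ipaddress.IPv4Address(n & 0xFFFFFFFF))

def format_timestamp(ts):
    """Render epoch seconds or an ISO 8601 string as 'YYYY-MM-DD HH:MM:SS UTC'."""
    if isinstance(ts, (int, float)):
        dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S UTC")

def normalize_device(raw):
    """Turn one raw device record into analyst-readable fields."""
    code = raw.get("status")
    return {
        "hostname": raw.get("hostname"),
        "ip": int_to_ipv4(raw["ip_long"]),
        "last_visible": format_timestamp(raw["last_visible"]),
        # Unknown codes are surfaced, not silently mapped to a default.
        "status": STATUS_LABELS.get(code, f"Unrecognized ({code})"),
    }

# Constructed sample record (the IP is stored as a signed 32-bit integer).
SAMPLE = {"hostname": "ws-014", "ip_long": -1062731519,
          "last_visible": "2025-03-17T11:07:24Z", "status": 1}
```

Rejecting input that is neither a valid IPv4 address nor a hostname keeps quotes, parentheses and other filter metacharacters out of whatever query string the connector builds from a playbook parameter.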