Description |
This article describes how users may prevent the URLs from appearing publicly on URLScan.io's website by keeping the Private mode of artifact submission checked in FortiSOAR's URLScan.io integration. |
Scope | FortiSOAR users integrating URLScan.io's API for enrichment must review this advisory. |
Solution |
FortiSOAR users are strongly encouraged to evaluate their URL enrichment settings. FortiSOAR URLScan.io integration supports both public and private ways of artifact submission. Use the Private mode to use the integration for enriching URLs containing sensitive information. It is strongly advised to update to integration version 1.1.2 where Private enrichment mode is enabled by default.
Upgrading URLScan.io Connector to v1.1.2.
1) On FortiSOAR, select the Manage tab. 2) Select the URLScan.io connector card. 3) Select the button Update to v1.1.2. Wait for the installation to complete.
Enabling Private Mode Without Upgrading.
1) In FortiSOAR, open Automation -> Playbooks. 2) Select Sample - URLScan.io - 1.x.x playbook collection to open it. For users on SOAR Framework Solution Pack version earlier than v2.0.0, select 03 - Enrich collection to open it. 3) Select to open Submit URL playbook. 4) Double-click to open the Submit URL playbook step. 5) Select the checkbox to enable Private Scan. 6) Select the Save button to apply and save the changes.
The URLScan.io connector now uses Private mode to submit links for enrichment. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.