Good morning friends, could you help me with this question? I have a FAZ and would like to use the FortiSoC feature. According to the cookbook, tasks can be automated (playbooks). Is all the configuration done on the FAZ? Or should some additional configuration be done in the FortiGate? For example, I would like to quarantine a device with a FortiAnalyzer playbook. I understand that the FortiGate should quarantine the computer, right?
As per the document, when creating a playbook the action is specified based on the connector. If you refer to the connector document at the same URL, it says "The actions available with FortiOS connectors are determined by automation rules configured on each FortiGate." That means we need to create the automation rules on the FortiGate, with the trigger set to "Incoming Webhook Call" and the corresponding action. This will be executed by FortiAnalyzer once you implement the playbook.
Select a connector type and configure an automated action:
1. Enter a name for the task.
2. Enter a description of the task.
3. Select a connector to use from the dropdown menu. See Connectors.
4. Select the automated action to be performed.
The FortiOS connector is added after the first FortiGate has been authorized on an ADOM. Additional devices authorized to the ADOM are displayed as separate entries within the same connector. FortiOS connectors are available in FortiGate and Fabric ADOMs.
Enabling FortiOS actions
The actions available with FortiOS connectors are determined by automation rules configured on each FortiGate. Automation rules using the Incoming Webhook trigger must be created in FortiOS before they are shown as actions in FortiAnalyzer. FortiOS automation rules are configured on FortiOS in Security Fabric > Automation. For information on creating FortiOS automation rules, see the FortiOS administration guide.
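The FortiGate side of the procedure above, as an added example that is not part of the original post or of Fortinet's documentation. It is the FortiOS CLI equivalent of creating the rule in Security Fabric > Automation: an Incoming Webhook trigger, a quarantine action, and a stitch that binds them. The names "FAZ-Webhook", "Quarantine-Host" and "FAZ-Quarantine" are placeholders chosen here, and the syntax assumes a FortiOS 7.x build (older 6.4 builds bind the action with a single `set action` line instead of the `config actions` table); verify the keywords against the CLI reference for your firmware.

```text
# Added example (not from the original post or Fortinet docs).
# Placeholder names; keyword syntax assumed for FortiOS 7.x.

# 1. Trigger: the stitch fires when an authorized caller (here, the
#    FortiAnalyzer playbook) hits the FortiGate's incoming webhook.
config system automation-trigger
    edit "FAZ-Webhook"
        set event-type incoming-webhook
    next
end

# 2. Action: Security Fabric quarantine of the host reported by the trigger.
#    For FortiClient-managed endpoints the action-type would be
#    quarantine-forticlient instead (assumption; check your build).
config system automation-action
    edit "Quarantine-Host"
        set action-type quarantine
    next
end

# 3. Stitch: this is the name that appears as a selectable action under the
#    FortiOS connector when you build the playbook task on FortiAnalyzer.
config system automation-stitch
    edit "FAZ-Quarantine"
        set status enable
        set trigger "FAZ-Webhook"
        config actions
            edit 1
                set action "Quarantine-Host"
            next
        end
    next
end
```

Once the stitch exists on the FortiGate (and the device is authorized in the ADOM), "FAZ-Quarantine" is listed as an action for that FortiGate under the FortiOS connector, which answers the question in the thread: the playbook on FortiAnalyzer only invokes the stitch, and it is the FortiGate that performs the quarantine. If the action does not appear, check that the stitch is enabled and that its trigger is really the Incoming Webhook type, since stitches with any other trigger are not exposed to FortiAnalyzer.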