Status: Investigating
Submitted by gurveersingh on 03-03-2025 08:59 AM
Can we update the Elasticsearch connector to ingest triggered alerts in the same way we do for other SIEMs like FortiSIEM and Splunk? Additionally, can we create playbook collections that can be scheduled to ingest these alerts? Here is the API documentation for retrieving alerts: https://www.elastic.co/guide/en/security/current/signals-api-overview.html Please let me know if you need any further information.
Status: Accepted
Submitted by yashbhagwanani on 11-21-2024 12:01 PM
I would like to request a FortiSOAR connector for Illumio if possible, where we can leverage its API capabilities and perform all the actions like creating a policy, creating labels, managing workloads, etc. Please find the links below for your reference:
- https://www.illumio.com/blog/little-known-features-illumio-core-soar-platforms-integrations#:~:text=Illumio%20integrates%20with%20three%20third%2Dparty%20SOAR%20systems:,integrations%20deliver%20fast%20defense%2Din%2Ddepth%20through%20these%20steps:&text=Through%20its%20integration%20with%20leading%20SOAR%20platforms%2C,by%20zero%2Dday%20malware%20with%20an%20automated%20workflow.
- REST API Doc: https://product-docs-repo.illumio.com/Tech-Docs/Core/21.5/REST-APIs/out/en/index-en.html?lang=en
Status: Accepted
Submitted by yashbhagwanani on 07-10-2023 07:34 AM
I would like to request a dashboard where we can keep track of all the playbooks with respect to their status. I should also have functionality where we can display specific playbooks with their tags, which will help us in tracking the playbooks for each specific category. Please share your views on this.
Hello! :) Within the "Playbooks" menu, it would be great to be able to choose which playbooks I want to see at the beginning of the list of all collections. As a workaround, I am putting as many 0's as needed, depending on which place I want it in. Thanks!
Status: Delivered
Submitted by Anonymous on 05-21-2023 10:42 PM
Posting on behalf of an internal request, a FortiSOAR connector for ZeroFox Threat intelligence. Join forces with FortiSOAR, to support a robust external cybersecurity program that disrupts threat actors where they operate: across the surface, deep, and dark web; before they attack vulnerable assets.
Reference Link: https://www.zerofox.com/why-zerofox/
Status: Delivered
Submitted by yashbhagwanani on 07-10-2023 07:31 AM
I would like to request a FortiSOAR connector for Google Bard if possible, where we can ask questions/send a message and get the response from the AI (similar to the OpenAI connector).
Status: Delivered
Submitted by Anonymous on 05-31-2023 10:34 PM
Posting on behalf of an internal request, a FortiSOAR connector for OpenCTI Threat intelligence. 
Build actions using an open source platform in order to structure, store, organize and visualize technical and non-technical information about cyber threats. 
OpenCTI can be integrated with tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.  
Reference Link: https://github.com/OpenCTI-Platform/opencti
Status: Delivered
Submitted by Anonymous on 05-18-2023 11:33 PM
Posting on behalf of an internal request, build actions to leverage timely, actionable and accurate email threat insights to avoid a potential breach by building the FortiSOAR connector for Cofense.
Reference Link: https://cofense.com/product-services/phishing-intelligence/
Posting on behalf of an internal request, come collaborate with FortiSOAR for the Cyberpion Threat Intelligence connector. Build around actions that can analyze the connections of your online assets and audit them according to the nature of the connections.
Reference Link: https://www.cybersecurityintelligence.com/cyberpion-7217.html
Posting on behalf of an internal request, a connector for DataDog SIEM.
Need actions to send logs to Logz.io Cloud SIEM from any data source, and connect new insights back to your existing tool stack.
Reference Link: https://logz.io/platform/cloud-siem/
Posting on behalf of an internal request, a connector for DataDog SIEM.
Need actions to analyse operational and security logs in real time.
Reference Link: https://www.datadoghq.com/product/cloud-siem/
Requesting (on behalf of a customer request), a connector for QiAnxin Threat Intelligence.
Need actions to query IP and File Reputation.
AlgoSec can add the Firewall Rule that matches allowed traffic
https://www.algosec.com/docs/en/asms/a32.50/asms-help/content/api-guide/api_introduction.htm
We can convert the JSON to a Grid and show it in the incident, like an any-any rule for this traffic
https://www.algosec.com/docs/en/asms/a32.50/asms-help/content/api-guide/traffic-simulation-query.htm
(posting on behalf of internal request)
Requesting Quttera integration with FortiSOAR.
https://quttera.com/quttera-anti-malware-api-help
Require the connector to enrich URL information. These are the available actions via API:
- POST /api/v3/<api-key>/url/scan/<domain-name>[.json|.xml|.yaml]: Scan a domain/website (new scan) for malware
- GET /api/v3/<api-key>/url/status/<domain-name>[.json|.xml|.yaml]: Get the status of the domain/website scan request
- GET /api/v3/<api-key>/url/report/<domain-name>[.json|.xml|.yaml]: Get the detailed scan report of the domain/website
- POST /api/v3/<api-key>/ssl/scan/<domain-name>[.json|.xml|.yaml]: Retrieve website's SSL certificate
- GET /api/v3/<api-key>/ssl/status/<domain-name>[.json|.xml|.yaml]: Get the status of the SSL information retrieval request
- GET /api/v3/<api-key>/ssl/report/<domain-name>[.json|.xml|.yaml]: Get website's SSL information report
- POST /api/v3/<api-key>/integrity/scan/<domain-name>[.json|.xml|.yaml]: Scan a domain/website for integrity issues
- GET /api/v3/<api-key>/integrity/status/<domain-name>[.json|.xml|.yaml]: Get the status of the domain/website integrity scan request
- GET /api/v3/<api-key>/integrity/report/<domain-name>[.json|.xml|.yaml]: Get the domain/website integrity report
- POST /api/v3/<api-key>/ports/scan/<domain-name>[.json|.xml|.yaml]: Find the opened ports on a domain (only for dedicated solutions - not the case of EDP)
- GET /api/v3/<api-key>/ports/status/<domain-name>[.json|.xml|.yaml]: Get the status of the port scanning request (only for dedicated solutions - not the case of EDP)
- GET /api/v3/<api-key>/ports/report/<domain-name>[.json|.xml|.yaml]: Get the open ports information report (only for dedicated solutions - not the case of EDP)
- GET /api/v3/<api-key>/blacklist/status/<domain-name>[.json|.xml|.yaml]: Get the blacklisting status of the domain
- GET /api/v3/<api-key>/blacklist/report/<domain-name>[.json|.xml|.yaml]: Get the detailed report per supported blacklisting authority
Custom Connector Action for Kaspersky in FortiSOAR

Use Case: While working with the default Kaspersky connector in FortiSOAR, we encountered a limitation: it lacked an action to retrieve device details based on an IP or hostname, and it was not able to return the running status. To address this, we developed a custom action to achieve this functionality.

Steps to Implement:
1. Developed & Tested the Script Locally: We wrote and tested the code in FortiSOAR's code snippet environment to ensure it retrieved device details correctly.
2. Updated the info.json File: A new operation was added to the connector's info.json file to define the new action.
3. Modified operations.py: A new function was created in operations.py to handle the action. The previously tested script was incorporated into this function.

This enhancement allows users to query Kaspersky for device details using an IP or hostname, significantly improving investigative workflows within FortiSOAR.

How It Works:
- Accepts IP address or hostname as input
- Queries Kaspersky API to fetch device details
- Converts integer IPs into readable IPv4 format
- Formats timestamps for better readability
- Maps status codes for a human-friendly response

Connector Attached! If you have a similar use case, feel free to integrate this into your FortiSOAR environment. 🚀 Would you like additional enhancements, such as better error handling or logging? Let me know!
Hi FortiTeam,

Zscaler has released and unified all API capabilities under "Zscaler OneAPI": https://www.zscaler.com/fr/blogs/product-insights/zscaler-platform-automation-introducing-oneapi

Is there a way to get a new Zscaler connector for OneAPI in parallel with the legacy one already present on the FortiSOAR content hub? Here's a link to get access to resources: https://help.zscaler.com/oneapi/understanding-oneapi

In addition, as you cannot reference all actions in the connector, we really appreciate it if you add a "send_custom_request" action; it's very handy and helps a lot:

send_custom_request (Execute an API Call): Sends an API request to any API endpoint based on specified HTTP method, endpoint, and other input parameters that you have specified, enabling flexible API interactions tailored to user needs.

Sincerely, Fabien
Status: Accepted
Submitted by gurveersingh on 01-29-2025 11:19 AM
I would like to request a FortiSOAR connector for IBM Maximo. This connector should allow us to use Maximo’s API to perform actions like managing assets, creating work orders, ingesting and handling incidents etc. API Documentation https://community.ibm.com/community/user/asset-facilities/viewdocument/maximos-rest-api-aka-json-api-os?CommunityKey=ed77c224-45e2-47b0-b574-cc31496f9a41&tab=librarydocuments&LibraryFolderKey=6daea7e7-5628-48a6-9791-c272c1e15bae&DefaultView=folder https://www.ibm.com/docs/en/maximo-eam-saas?topic=applications-integration-apis
Hi Community, Is it possible to trigger a playbook whenever a user logs in to the SOAR? If yes, requesting to share the API call. Trying to create session management: if the user is logged in, he should not be able to log in from any other session. Regards, Kaashif Mohideen K
Status: New
Submitted by ShripadNighojkar on 01-23-2024 12:27 AM
Hi, Please consider implementing the option to specify separate fields for "To" and "CC" email IDs for 'Manual Input from User' in the product. Please refer to the screenshot. -Shripad