Can we update the Elasticsearch connector to ingest triggered alerts in the same way we do for other SIEMs like FortiSIEM and Splunk? Additionally, can we create playbook collections that can be scheduled to ingest these alerts?   Here is the API documentation for retrieving alerts: https://www.elastic.co/guide/en/security/current/signals-api-overview.html   Please let me know if you need any further information ... View more

I would like to request a FortiSOAR connector for illumio if possible, where we can leverage it's API capabilites and perform all the actions like creating a policy, creating labels, Managing Workloads etc. Please find the links below for your reference: - https://www.illumio.com/blog/little-known-features-illumio-core-soar-platforms-integrations#:~:text=Illumio%20integrates%20with%20three%20third%2Dparty%20SOAR%20systems:,integrations%20deliver%20fast%20defense%2Din%2Ddepth%20through%20these%20steps:&text=Through%20its%20integration%20with%20leading%20SOAR%20platforms%2C,by%20zero%2Dday%20malware%20with%20an%20automated%20workflow. REST API Doc: https://product-docs-repo.illumio.com/Tech-Docs/Core/21.5/REST-APIs/out/en/index-en.html?lang=en ... View more

I would like to request a dashboard, where we can keep a track of all the playbooks with respect to their status on the dashboard. I should also have a functionality where we can display specific playbooks with the tags, which will help us in tracking the playbooks for each specific category. Please share your views on this? ... View more

Hello!:)   Within the "Playbooks" menu, it would be great to be able to choose which playbooks I want to see at the beginning of the list of all collections. As a workaround, I am putting as many 0's depending on which place I want it in.   Thanks! ... View more

I would like to request a FortiSOAR connector for Google Bard if possible, where we can ask the questions/ send a message and get the response from AI (similar to the OpenAI connector). ... View more

  Requesting (on behalf of a customer request), a connector for QiAnxin Threat Intelligence. need actions to query IP and File Reputation. ... View more

AlgoSec can add the Firewall Rule that match allow traffic https://www.algosec.com/docs/en/asms/a32.50/asms-help/content/api-guide/api_introduction.htm   We can convert the JSON to Grid and show in the incident like a any-any rule for this traffic https://www.algosec.com/docs/en/asms/a32.50/asms-help/content/api-guide/traffic-simulation-query.htm ... View more

(posting on behalf of internal request)   Requesting Quterra integration with FortiSOAR. https://quttera.com/quttera-anti-malware-api-help Require the connector to enrich URL information. These are the available actions via API: POST /api/v3/<api-key>/url/scan/<domain-name>[.json|.xml|.yaml] Scan a domain/website (new scan) for malware GET /api/v3/<api-key>/url/status/<domain-name>[.json|.xml|.yaml] Get the status of the domain/website scan request GET /api/v3/<api-key>/url/report/<domain-name>[.json|.xml|.yaml] Get the detailed scan report of the domain/website POST /api/v3/<api-key>/ssl/scan/<domain-name>[.json|.xml|.yaml] Retrieve website's SSL certificate GET /api/v3/<api-key>/ssl/status/<domain-name>[.json|.xml|.yaml] Get the status of the SSL information retrieval request GET /api/v3/<api-key>/ssl/report/<domain-name>[.json|.xml|.yaml] Get website's SSL information report POST /api/v3/<api-key>/integrity/scan/<domain-name>[.json|.xml|.yaml] Scan a domain/website for integrity issues GET /api/v3/<api-key>/integrity/status/<domain-name>[.json|.xml|.yaml] Get the status of the domain/website integrity scan request GET /api/v3/<api-key>/integrity/report/<domain-name>[.json|.xml|.yaml] Get the domain/website integrity report POST /api/v3/<api-key>/ports/scan/<domain-name>[.json|.xml|.yaml] Find the opened ports on a domain (only for dedicated solutions - not the case of EDP) GET /api/v3/<api-key>/ports/status/<domain-name>[.json|.xml|.yaml] Get the status of the port scanning request (only for dedicated solutions - not the case of EDP) GET /api/v3/<api-key>/ports/report/<domain-name>[.json|.xml|.yaml] Get the open ports information report (only for dedicated solutions - not the case of EDP) GET /api/v3/<api-key>/blacklist/status/<domain-name>[.json|.xml|.yaml] Get the blacklisting status of the domain GET /api/v3/<api-key>/blacklist/report/<domain-name>[.json|.xml|.yaml] Get the detailed report per supported blacklisting authority ... View more

Custom Connector Action for Kaspersky in FortiSOAR Use Case: While working with the default Kaspersky connector in FortiSOAR, we encountered a limitation—it lacked an action to retrieve device details based on an IP or hostname and it was not able to return the running status. To address this, we developed a custom action to achieve this functionality. Steps to Implement: Developed & Tested the Script Locally We wrote and tested the code in FortiSOAR’s code snippet environment to ensure it retrieved device details correctly.       Updated the info.json File A new operation was added to the connector’s info.json file to define the new action   Modified operations.py A new function was created in operations.py to handle the action. The previously tested script was incorporated into this function.   This enhancement allows users to query Kaspersky for device details using an IP or hostname, significantly improving investigative workflows within FortiSOAR.   How It Works Accepts IP address or hostname as input Queries Kaspersky API to fetch device details Converts integer IPs into readable IPv4 format Formats timestamps for better readability Maps status codes for a human-friendly response Connector Attached! If you have a similar use case, feel free to integrate this into your FortiSOAR environment. :rocket: Would you like additional enhancements, such as better error handling or logging? Let me know! ... View more

Hi FortiTeam,   Zscaler has released and unified all API capabilities under "Zscaler OneAPI" https://www.zscaler.com/fr/blogs/product-insights/zscaler-platform-automation-introducing-oneapi   There's a way to get a new Zscaler connector for OneAPI in parallel of the legacy one already present on the FortiSOAR content hub ?   Here's link to get access to resources :  https://help.zscaler.com/oneapi/understanding-oneapi   In addition, as you cannot reference all actions in the Connector, we really appreciate the way if you are  adding a "send_custom_request" action, its very handy and helping a lot :    send_custom_request Execute an API Call Sends an API request to any API endpoint based on specified HTTP method, endpoint, and other input parameters that you have specified, enabling flexible API interactions tailored to user needs.   Sincerely, Fabien ... View more

I would like to request a FortiSOAR connector for IBM Maximo. This connector should allow us to use Maximo’s API to perform actions like managing assets, creating work orders, ingesting and handling incidents etc.   API Documentation https://community.ibm.com/community/user/asset-facilities/viewdocument/maximos-rest-api-aka-json-api-os?CommunityKey=ed77c224-45e2-47b0-b574-cc31496f9a41&tab=librarydocuments&LibraryFolderKey=6daea7e7-5628-48a6-9791-c272c1e15bae&DefaultView=folder   https://www.ibm.com/docs/en/maximo-eam-saas?topic=applications-integration-apis ... View more

Hi Community,    Is it possible to trigger a playbook whenever a user logs in the SOAR    If yes requesting to share the api call    trying to create session management    if the user is logged in he should not be able to login from any other session   Regards, Kaashif Mohideen K ... View more