Showing ideas with status New.
Hello!:) Within the "Playbooks" menu, it would be great to be able to choose which playbooks I want to see at the beginning of the list of all collections. As a workaround, I am putting as many 0's depending on which place I want it in. Thanks!
Posting on behalf of an internal request, a FortiSOAR connector for OpenCTI Threat intelligence. 
Build actions using an open source platform in order to structure, store, organize and visualize technical and non-technical information about cyber threats. 
OpenCTI can be integrated with tools and applications such as MISP, TheHive, MITRE ATT&CK, etc.  
Reference Link: https://github.com/OpenCTI-Platform/opencti
Posting on behalf of an internal request, come collaborate with FortiSOAR for the Cyberpion Threat Intelligence connector. Build around actions that can analyze the connections of your online assets and audit them according to the nature of the connections.
Reference Link: https://www.cybersecurityintelligence.com/cyberpion-7217.html
Posting on behalf of an internal request, a connector for DataDog SIEM.
Need actions to send logs to Logz.io Cloud SIEM from any data source, and connect new insights back to your existing tool stack.
Reference Link: https://logz.io/platform/cloud-siem/
Posting on behalf of an internal request, a connector for DataDog SIEM.
Need actions to analyse operational and security logs in real time.
Reference Link: https://www.datadoghq.com/product/cloud-siem/
AlgoSec can add the Firewall Rule that matches allow traffic
https://www.algosec.com/docs/en/asms/a32.50/asms-help/content/api-guide/api_introduction.htm
We can convert the JSON to Grid and show it in the incident, like an any-any rule for this traffic
https://www.algosec.com/docs/en/asms/a32.50/asms-help/content/api-guide/traffic-simulation-query.htm
(posting on behalf of internal request)
Requesting Quttera integration with FortiSOAR.
https://quttera.com/quttera-anti-malware-api-help
Require the connector to enrich URL information. These are the available actions via API:
POST /api/v3/<api-key>/url/scan/<domain-name>[.json|.xml|.yaml]: Scan a domain/website (new scan) for malware
GET /api/v3/<api-key>/url/status/<domain-name>[.json|.xml|.yaml]: Get the status of the domain/website scan request
GET /api/v3/<api-key>/url/report/<domain-name>[.json|.xml|.yaml]: Get the detailed scan report of the domain/website
POST /api/v3/<api-key>/ssl/scan/<domain-name>[.json|.xml|.yaml]: Retrieve website's SSL certificate
GET /api/v3/<api-key>/ssl/status/<domain-name>[.json|.xml|.yaml]: Get the status of the SSL information retrieval request
GET /api/v3/<api-key>/ssl/report/<domain-name>[.json|.xml|.yaml]: Get website's SSL information report
POST /api/v3/<api-key>/integrity/scan/<domain-name>[.json|.xml|.yaml]: Scan a domain/website for integrity issues
GET /api/v3/<api-key>/integrity/status/<domain-name>[.json|.xml|.yaml]: Get the status of the domain/website integrity scan request
GET /api/v3/<api-key>/integrity/report/<domain-name>[.json|.xml|.yaml]: Get the domain/website integrity report
POST /api/v3/<api-key>/ports/scan/<domain-name>[.json|.xml|.yaml]: Find the opened ports on a domain (only for dedicated solutions - not the case of EDP)
GET /api/v3/<api-key>/ports/status/<domain-name>[.json|.xml|.yaml]: Get the status of the port scanning request (only for dedicated solutions - not the case of EDP)
GET /api/v3/<api-key>/ports/report/<domain-name>[.json|.xml|.yaml]: Get the open ports information report (only for dedicated solutions - not the case of EDP)
GET /api/v3/<api-key>/blacklist/status/<domain-name>[.json|.xml|.yaml]: Get the blacklisting status of the domain
GET /api/v3/<api-key>/blacklist/report/<domain-name>[.json|.xml|.yaml]: Get the detailed report per supported blacklisting authority
Custom Connector Action for Kaspersky in FortiSOAR
Use Case: While working with the default Kaspersky connector in FortiSOAR, we encountered a limitation—it lacked an action to retrieve device details based on an IP or hostname and it was not able to return the running status. To address this, we developed a custom action to achieve this functionality.
Steps to Implement:
1. Developed & Tested the Script Locally: We wrote and tested the code in FortiSOAR’s code snippet environment to ensure it retrieved device details correctly.
2. Updated the info.json File: A new operation was added to the connector’s info.json file to define the new action.
3. Modified operations.py: A new function was created in operations.py to handle the action. The previously tested script was incorporated into this function.
This enhancement allows users to query Kaspersky for device details using an IP or hostname, significantly improving investigative workflows within FortiSOAR.
How It Works:
- Accepts IP address or hostname as input
- Queries Kaspersky API to fetch device details
- Converts integer IPs into readable IPv4 format
- Formats timestamps for better readability
- Maps status codes for a human-friendly response
Connector Attached! If you have a similar use case, feel free to integrate this into your FortiSOAR environment. Would you like additional enhancements, such as better error handling or logging? Let me know!
Hi FortiTeam,
Zscaler has released and unified all API capabilities under "Zscaler OneAPI": https://www.zscaler.com/fr/blogs/product-insights/zscaler-platform-automation-introducing-oneapi
Is there a way to get a new Zscaler connector for OneAPI in parallel with the legacy one already present on the FortiSOAR content hub?
Here's a link to get access to resources: https://help.zscaler.com/oneapi/understanding-oneapi
In addition, as you cannot reference all actions in the Connector, we really appreciate the way if you are adding a "send_custom_request" action, it's very handy and helps a lot:
send_custom_request: Execute an API Call. Sends an API request to any API endpoint based on specified HTTP method, endpoint, and other input parameters that you have specified, enabling flexible API interactions tailored to user needs.
Sincerely, Fabien
Hi Community, Is it possible to trigger a playbook whenever a user logs in to the SOAR? If yes, requesting you to share the API call. Trying to create session management: if the user is logged in, he should not be able to log in from any other session. Regards, Kaashif Mohideen K
Status: New
Submitted by ShripadNighojkar on 01-23-2024 12:27 AM
Hi, Please consider implementing the option to specify separate fields for "To" and "CC" email IDs for 'Manual Input from User' in the product. Please refer to the screenshot. -Shripad
Status: New
Submitted by yashbhagwanani on 12-07-2023 09:32 AM
I would like to request a connector for ThreatX WAF, to perform operations from SOAR. I believe it has the API capabilities. Thank you.
Status: New
Submitted by ShripadNighojkar on 11-20-2023 04:28 AM
Hi, Can we have a connector for Azure commands (called az commands)? Az commands are Azure native commands for Azure resource configurations. By using them we can extend the attack mitigation using FortiSOAR effectively & quickly. Use case: Azure Blob Storage with open internet access is the alert from SIEM and can be remediated by using az commands and syntax to restrict with a specific IP address. Shripad Nighojkar
Status: New
Submitted by yashbhagwanani on 09-22-2023 10:04 AM
I would like to request a connector action for FortiSOAR, which can help in bouncing the VPN tunnel for the firewalls: Fortinet FortiGate, Palo Alto Firewall and Cisco Firewalls.
With unwavering dedication, we foster the FortiSOAR community, continuously sharing ideas and extending a warm invitation to cybersecurity enthusiasts to join our collaborative journey.
If you are interested, please reach out to fsr-integrations@fortinet.com, where our experts provide technical guidance to support your contributions.
Once your efforts are complete, we proudly publish your work at the FortiSOAR content hub (https://fortisoar.contenthub.fortinet.com/), acknowledging your name or your organization as a valued contributor.
For a starting point, visit https://github.com/fortinet-fortisoar/how-tos
Status: New
Submitted by yashbhagwanani on 07-17-2023 01:34 PM
I would like to request a FortiSOAR connector for CyGlass as I want to integrate CyGlass alerts with FortiSOAR (especially the smart alerts from CyGlass).
Status: New
Submitted by yashbhagwanani on 07-14-2023 09:53 AM
FortiSOAR AWS connector to create a new workspace for a user will be very helpful, especially for onboarding of new employees.
Posting on behalf of an internal request, a FortiSOAR connector for Hunters.AI Threat Intelligence.
Build actions around a platform that helps security operations see and stop attacks at their root.
Reference Link: https://www.hunters.security/about-us
Posting on behalf of an internal request, a FortiSOAR connector for OpenPhish Threat Intelligence. 
Participate in building actions around a fully automated self-contained platform for phishing intelligence.
Reference Link: https://openphish.com/faq.html
Posting on behalf of an internal request, a FortiSOAR connector for Lumu SecOps.
Build actions that configure real-time incident responses and feed incident data to your SecOps tools.
Reference Link: https://lumu.io/sec-ops/