Setup FortiGate Asset with Host & API details:

Execute - Block_Unblock Domain Remediation Action_withoutAsset.ssp

Note: Playbooks are created from v24.2.11, with FortiGate Connector v1.1.4 .

Configure Playbook for Blocking Domain Address

Open playbook “SOC - Remediation Actions“, go to the Flow of Record Actions “Block Observables”, under the IF condition of Domain, change component to “Execute - Block/Unblock Domain Remediation Action“.

Go to Component “Execute - Block/Unblock Domain Remediation Action“, set FortiGate’s Network Address Name at the subplaybook input , according to the predefined network address group’s name provided by the Firewall team.

Configure Playbook for Un-blocking Domain Address

Open playbook “SOC - Remediation Actions“, go to the Flow of Record Actions “Unblock Observables”, under the IF condition of Domain, change component to “Execute - Block/Unblock Domain Remediation Action“.

FortiGate actions in component “Execute - Fortigate - Add Address to Network Address Group“ and “Execute - Fortigate - Remove Address From Network Address Group“ are configured to run against $remote pool. Change it to $default if the Turbine instance that you are working on has direct access to Fortigate, without remote agent.

That shall be it, and you are good to test out and validate the result at Fortigate.

FortiSIEM Get Incidents (By Time), Component

Configuration at Turbine

test12

sdfdssdfsdfsdfsdfdsfsdf

edfsad

dsfsdfsdf

test

specific

var_miha

new_var_2

new_mih_var

mih_var

testheight

available

testulet

testvar

This is a plain text that will be inserted in an expandable heading for using this raw as an exampl

altscenario

This is a plain text that will be inserted in an expandable heading for using this raw as an example

scenario

exemplu

variabila

Archbee

text

refresh_token

YourBank

MyBank

variable_test_video

variable123

silviu

Bogdan_test

ferwhethgte

target1

google

support

product_name

productName1

companyLegalName

programName

customerName1

productName

Product_Name

Test

SEFAS

uptempo

customerName

testName

name1

customername

apilink1-getallmethod

variable_one

capitalize

company_name_adobe

jama_2

jama_1

domain

email

product

Glossary lets you define every tricky term, then gives them a sneak peek explanation on hover... Just like I'm doing with this text right here!

Glossary_feature

Google

aaaa

insitutionAdress

dasdas666

aa112

asdasdas

asdasd

What

New_reusable

test_var2

test_var

Fortinet Fortigate HTTP Bearer Authentication

Our knowledgeable support team and an awesome community will get you an answer in a flash.

Connectors

Configuration

alien vault threat exchange

Alien Vault Threat Exchange Connector

Atlassian Jira

Atlassian Jira Connector

configuration

check point R80

Check Point R80 Connector

splunk

Cisco Splunk Connector

CyberArk

CyberArk Connector

ExtraHop

ExtraHop Connector

Types of fortinet Configurations

Fortinet-Fortigate

Fortinet Fortigate Connector

Google Safe Browsing

Google Safe Browsing Connector

Halopsa

HaloPSA Connector

Invicti Netsparker

Invicti Netsparker Connector

Malware Information Sharing Platform & Threat Sharing

MISP Connector

Microsoft Azure Sentinel Connector

Oauth 2.0 Client Credentials

Microsoft Graph API

Microsoft Graph API Connector

Nozomi Connector

Securonix

Securonix Connector

SentinelOne Connector

ServiceNow

ServiceNow Connector

Symantec_dlp

Symantec DLP Connector

Slack

Slack Connector

Okta

Okta Connector

proofpoint

Proofpoint Connector

Rapid7

Rapid7 InsightIDR V2 Connector

Tenable.SC Connector

Tenable Security Center Connector

Tanium

Tanium Connector