Fortigate - Firewall, Block/Unblock Domain Object (Canvas, Component)

setup fortigate asset with host & api details deploy component below execute block unblock domain remediation action withoutasset ssp note playbooks are created from v24 2 11, with fortigate connector v1 1 4 import all of the following configure playbook for blocking domain address a open playbook “soc remediation actions“, go to the flow of record actions “block observables”, under the if condition of domain, change component to “execute block/unblock domain remediation action“ b go to component “execute block/unblock domain remediation action“, set fortigate’s network address name at the subplaybook input , according to the predefined network address group’s name provided by the firewall team configure playbook for un blocking domain address a open playbook “soc remediation actions“, go to the flow of record actions “unblock observables”, under the if condition of domain, change component to “execute block/unblock domain remediation action“ b go to component “execute block/unblock domain remediation action“, set fortigate’s network address name at the subplaybook input , according to the predefined network address group’s name provided by the firewall team fortigate actions in component “execute fortigate add address to network address group“ and “execute fortigate remove address from network address group“ are configured to run against $remote pool change it to $default if the turbine instance that you are working on has direct access to fortigate, without remote agent appendix working configurations a create address (domain) b get group member (from predefined address network group’s name) c update network address group d result at fortigate address object created via swimlane result at fortigate address network group updated via swimlane