Created FortiSIEM Get Incidents component, allowing us to pull Incidents based on the defined “Time Front” and “Time To” input parameters. The component has integrated with SOC Solutions Bundle’s component named “Execute - Process Bulk Alerts“, which automates the process of TI enrichment and Case record creation.

The creation of the component was referencing ElasticSecurity Get Signals component.

 The component is created from TP24.2.8, with FortiSIEM v7 Connector version 1.1.1 . blue book .

1. Download this component and upload to the Turbine instance. FortiSIEM v7 Get Incidents.ssp

2. Import SSP via Turbine console > Applications and Applets > + sign at the top right corner > Upload the file in [1]

3. Upon import, you shall see the list of Asset / Component / Connector, choose the following and import: -

‘FortiSIEM v7 Get Incidents’ component

'AT - Bulk Ingest Alerts, FortiSIEM v7' playbook.

4. Update Asset details accordingly, URL, Username and Password:

5. Go to playbook named “AT - Bulk Ingest Alerts, FortiSIEM v7“, configure action name ‘Get Time’, and set your desired ‘Time From’ / ‘Time To’ accordingly.

Playbook Test Result-1 Entry playbook ‘AT - Bulk Ingest Alerts, FortiSIEM v7’, and Component’s result of ‘FortiSIEM v7 Get Incidents’

FortiSIEM v7 Get Incidents Action setting

Case Record Creation using FortiSIEM Incident

Fortigate - Firewall, Block/Unblock IPv4 Address Object (Canvas, Component)

FortiSIEM Get Incidents (By Time), Component

test12

sdfdssdfsdfsdfsdfdsfsdf

edfsad

dsfsdfsdf

test

specific

var_miha

new_var_2

new_mih_var

mih_var

testheight

available

testulet

testvar

This is a plain text that will be inserted in an expandable heading for using this raw as an exampl

altscenario

This is a plain text that will be inserted in an expandable heading for using this raw as an example

scenario

exemplu

variabila

Archbee

text

refresh_token

YourBank

MyBank

variable_test_video

variable123

silviu

Bogdan_test

ferwhethgte

target1

google

support

product_name

productName1

companyLegalName

programName

customerName1

productName

Product_Name

Test

SEFAS

uptempo

customerName

testName

name1

customername

apilink1-getallmethod

variable_one

capitalize

company_name_adobe

jama_2

jama_1

domain

email

product

Glossary lets you define every tricky term, then gives them a sneak peek explanation on hover... Just like I'm doing with this text right here!

Glossary_feature

Google

aaaa

insitutionAdress

dasdas666

aa112

asdasdas

asdasd

What

New_reusable

test_var2

test_var

Configuration at Turbine

Our knowledgeable support team and an awesome community will get you an answer in a flash.

Connectors

Configuration

alien vault threat exchange

Alien Vault Threat Exchange Connector

Atlassian Jira

Atlassian Jira Connector

configuration

check point R80

Check Point R80 Connector

splunk

Cisco Splunk Connector

CyberArk

CyberArk Connector

ExtraHop

ExtraHop Connector

Types of fortinet Configurations

Fortinet-Fortigate

Fortinet Fortigate Connector

Google Safe Browsing

Google Safe Browsing Connector

Halopsa

HaloPSA Connector

Invicti Netsparker

Invicti Netsparker Connector

Malware Information Sharing Platform & Threat Sharing

MISP Connector

Microsoft Azure Sentinel Connector

Oauth 2.0 Client Credentials

Microsoft Graph API

Microsoft Graph API Connector

Nozomi Connector

Securonix

Securonix Connector

SentinelOne Connector

ServiceNow

ServiceNow Connector

Symantec_dlp

Symantec DLP Connector

Slack

Slack Connector

Okta

Okta Connector

proofpoint

Proofpoint Connector

Rapid7

Rapid7 InsightIDR V2 Connector

Tenable.SC Connector

Tenable Security Center Connector

Tanium

Tanium Connector