https://update.cybersponse.com/connectors/deps/simple/
You can also change other relevant pip settings such as altering the timeout or retry count setting. See https://pip.pypa.io/en/stable/user_guide/#config-file for a listing of the relevant pip settings. For example, to increase the timeout value add the following in the pip.conf
file: timeout = 60
.
Use the Connector Store to easily view, search, install, upgrade, and uninstall connectors that are part of the FortiSOAR™ repository. Therefore, you can now perform these operations using the FortiSOAR™ UI instead of required CLI access.
Following are the permissions that you must be assigned to perform operations for connectors:
Create
and Read
access to the Connectors
module and Read
access to the Playbooks
module.Update
and Read
access to the Connectors
module and Read
access to the Playbooks
module.Delete
and Read
access to the Connectors
module and Read
access to the Playbooks
module.Read
access to the Connectors
and Playbooks
module. To go to the connector store, click Automation > Connectors. On the Connectors
page, click the Connector Store button. The Connector Store
page appears as shown in the following image:
You can search for a connector by connector name in the Search by connector name field.
The Connector Store
page contains a filter for installed and not installed connectors. You can filter connectors by clicking the Filter drop-down list and choosing between All, Installed or Not Installed filters. The chosen filter applies only to the Connector Store
page.
Connectors that you can install appear with an Install (blue) icon as shown in the above image. To install a connector, click the connector card of the connector that you want to install, for example, AlienValult OTX, which opens a popup with the connector name:
The connector popup contains details such as, a brief description of the connector, whether the connector is certified or not, who is the publisher of the connector, a list of actions the connector can perform, link to the connector documentation, etc.
Click Install in the connector name popup to begin the installation of the connector, as shown in the following image:
Once installation is complete, FortiSOAR™ displays the "Connector Installed successfully" message, Active
is displayed on the popup, and on the main connectors page you will see the installed connectors number increase by 1. After installing the connector, you must configure the connector by entering the required configuration details in the connector popup:
You can also configure the connector on the Connectors
page by clicking the connector name card, which will also display the same connector popup.
To uninstall a connector, click the Uninstall Connector icon, in the connector popup. FortiSOAR™ displays a Confirmation dialog, click Confirm to uninstall the connector. FortiSOAR™ displays the "Connector uninstalled successfully" message and the installed connectors number decreases by 1.
Use the Connector Store to install and configure connectors in FortiSOAR™. To install a connector, you must be assigned a role that has a minimum of Create
access to the Connectors
module. To configure connectors into FortiSOAR™, you must be assigned a role that has a minimum of Update
access to the Connectors
module.
Installed Connectors
page, you will see the list of installed connectors, either in grid/list view or in the card view. You will also see an Data Ingestion tab on the Connectors
page, which has been introduced in FortiSOAR™ 6.0.0. The Data Ingestion tab displays the connectors that are enabled for the data ingestion wizard, for information on the Data Ingestion tab, see the Data Ingestion chapter. Installed Connector
page in the Card view:Connectors
page, you can see the number of connectors that are installed, for example, in the above image 11 connectors are installed. In the top bar, you can also view if any connector that is installed and configured on your system has an upgraded version, for example, if you have version 2.1.0 of the Anomali ThreatStream connector installed on your system and Fortinet has released a newer version of this connector, i.e., version 2.2.0 of the Anomali ThreatStream connector, and similarly there is an update to the HP ArcSight connector also, then the Updates button will display 2. To update a connector that you have installed and configured on your system, click the Updates button, which will display the connectors with the updated version. You can choose to then install the updated connector.Installed Connectors
page. Connectors
page. Following is an image of the Connector page in the grid view: Delete
access to the Connectors
module.Name
for each configuration in the Configuration Name field. password
type fields in FortiSOAR™ include encryption and decryption. Passwords are encrypted before saving them into the database and decrypted when they are used in actions. In case of an upgrade, connectors that are already installed will work with stored passwords. If your administrator has defined secrets (Deprecated) or configured an external vault to securely store your organization's sensitive data and credentials, then you can use the Dynamic Values dialog to enter the credentials for your connector as shown in the following image: True
. For more information, see How the connector framework verifies the server certificate when it's self-signed.Health Check
bar. The Health Check checks if the configuration parameters you have specified are correct and if connectivity can be established to the specified server, endpoint or API.Points to be considered for connector configurations while upgrading to a newer version of the connector
If you are upgrading a connector to a newer version, you must be assigned a role that has a minimum of Upgrade
access to the Connectors
module. For example, if you are upgrading the Symantec Security Analytics connector version from v1.0.0 to v2.0.0, then keep a note of the following points:
info.json
file of the connector), then the configuration pane of the newer version of the connector will contain the default value for this configuration field. For more information on the connector framework and the info.json
file, see the Building a custom connector chapter.info.json
file of the connector), then the configuration pane of the newer version of the connector will contain a blank
value for this configuration field. If you also do not specify a value for this mandatory configuration field, then the connector configuration pane will display Partially Configured, and an error will also be displayed in the Playbook Execution Log. For more information on the Playbook Execution Log, see the Debugging and Optimizing Playbooks chapter in the "Playbooks Guide."info.json
file of the connector), then that value will be displayed for this configuration field the configuration pane of the newer version of the connector. If however FortiSOAR™ has not defined the default value and you also do not specify a value for this mandatory configuration field, then the configuration pane of the newer version of the connector will contain a blank
value for this configuration field, and the connector configuration pane will display Partially Configured. An error will also be displayed in the Playbook Execution Log. For more information on the Playbook Execution Log, see the Debugging and Optimizing Playbooks chapter in the "Playbooks Guide."info.json
file of the connector), then the configuration pane of the newer version of the connector will contain the default value for this configuration field. If there is no default value is set, then its value is set as blank
.You can set up a global variable to route all playbooks and connectors traffic using proxy servers.
/etc/uwsgi.ini
file with proxy server configurations as variables: [root@cybersponse csadmin]# vi /etc/uwsgi.ini
uwsgi.ini
file:env=HTTP_PROXY=http://proxy-server-ip:port
env=HTTPS_PROXY=http://proxy-server-ip:port
# systemctl restart uwsgi
The connector framework is explained in the Building a custom connector chapter.
All connector calls are made by the python requests library reading the certificate from /opt/cyops-integrations/.env/lib/python3.6/site-packages/certifi/cacert.pem
. Therefore, for any connector, when you set verify_ssl
to true
, and it's a self-signed cert, then the cacert
must be appended to this file. If it's a chain of trust, then you must add the entire chain in the pem
format. You must also ensure that the server address added in the connector configuration matches the CN in the certificate.
Note
A .key
file has the path to a PEM encoded file containing the private key. A .pem
file has the path to a PEM encoded file containing the certificate (or certificate chain) that will be presented when requested.
If you are using the HTTPS proxy for external connections, then you must ensure that proxy certificate is added here also, if the Verify SSL
is set to true in the connector configuration.
Some commands that you can use to get the pem
certificate chain:
# openssl s_client -connect {HOSTNAME}:{PORT} -showcerts
OR
If you have the certificate already in a .crt
, .cer
, .der
format, then you need to convert to the pem
format: # openssl x509 -inform der -in certificate.cer -out certificate.pem