FortiSOAR Integration

Set up a FortiSOAR connector to send alerts to ilert and automate incident workflows.

Integrating FortiSOAR with ilert enables automated alerting and incident response by sending alert events from FortiSOAR to ilert. This integration helps streamline your security operations and reduces mean time to respond (MTTR) by linking playbook-based automation with ilert's alert management platform.

In ilert: Create a FortiSOAR alert source

  1. Go to Alert sources → Alert sources and click Create new alert source.

  2. Search for FortiSOAR in the search field, click the FortiSOAR tile, and then Next.

  3. Give your alert source a name, optionally assign teams, and click Next.

  4. Select an escalation policy by creating a new one or assigning an existing one.

  5. Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.

  6. The next page shows additional settings, such as custom alert templates or notification priority. Click Finish setup for now.

  7. On the final page, an API key and/or webhook URL will be generated. You will need it later.

In FortiSOAR: Installation and setup of ilert connector

  1. In the FortiSOAR sidebar, navigate to Content Hub.

  2. Enter ilert in the search bar and select the ilert connector.

  3. Provide a Configuration Name.

  4. Paste the previously copied Integration URL from ilert.

  5. Click Save.

  6. The configuration connector status will now be displayed.

In FortiSOAR: Add new playbooks to send alerts to ilert

Create a playbook triggered on alert creation

  1. Navigate to Automation → Playbooks.

  2. Select an existing Collection or create a new one.

  3. Click Add Playbook.

  4. Enter a name and click Create.

  5. Choose On Create as the trigger step.

  6. Enter a Step Name, select Alerts as the resource, then click Save.

  7. Add the next step by selecting Connector under the EXECUTE section.

  8. Search for ilert and select the ilert connector.

  9. Enter a Step Name, select your previously created ilert configuration, and choose Send alert event as the action.

  10. In Inputs → alert, enter: {{vars.input.records[0]}}.

  11. Save the playbook.

Create a playbook triggered on alert update

  1. Navigate back to your Collection.

  2. Click Add Playbook.

  3. Enter a name and click Create.

  4. Choose On Update as the trigger step.

  5. Enter a Step Name, select Alerts as the resource.

  6. Add Status Is Changed as the trigger condition.

  7. Click Save.

  8. Add the next step and select Connector under the EXECUTE section.

  9. Search for ilert and select the ilert connector.

  10. Enter a Step Name, select your previously created ilert configuration, and choose Send alert event as the action.

  11. In Inputs → alert, enter: {{vars.input.records[0]}}.

  12. Click Save.

  13. Save the playbook.

FAQ

Will alerts in ilert be resolved automatically?

Yes. As soon as FortiSOAR sends an alert event with the field status.itemValue set to closed, the corresponding alert in ilert will be resolved.

Will alerts in ilert be acknowledged automatically?

Yes. As soon as FortiSOAR sends an alert event with the field status.itemValue set to investigating, the corresponding alert in ilert will be accepted.

Can I test the integration?

Yes. Create a test alert in FortiSOAR and verify that an alert appears in ilert.
