# FortiSOAR Integration
Integrating [FortiSOAR](https://www.fortinet.com/products/fortisoar) with ilert enables automated alerting and incident response by sending alert events from FortiSOAR to ilert. This integration helps streamline your security operations and reduces mean time to respond (MTTR) by linking playbook-based automation with ilert's alert management platform.
## In ilert: Create a FortiSOAR alert source
1. Go to **Alert sources** -> **Alert sources** and click **Create new alert source**.
2. Search for **FortiSOAR** in the search field, click the FortiSOAR tile, and then **Next**.
3. Give your alert source a name, optionally assign teams, and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.
5. Select your [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.
6. The next page shows additional settings, such as customer alert templates or notification priority. Click **Finish setup** for now.
7. On the final page, an API key and/or webhook URL will be generated. You will need it later.
## Prerequisites: Download the ilert FortiSOAR integration connector
*
## In FortiSOAR: Installation and setup of ilert connector
1. In the FortiSOAR sidebar, navigate to **Content Hub**.
2. Navigate to the **Manage** tab.
3. Click **Upload Connector**.
4. Upload the downloaded plugin from [this step](#prerequisites-download-the-ilert-fortisoar-integration-plugin).
5. Provide a **Configuration Name**.
6. Paste the previously copied **Integration URL** from ilert.
7. Click **Save**.
8. The configuration connector status will now be displayed.
## In FortiSOAR: Add new playbooks to send alerts to ilert
### Create a playbook triggered on alert creation
1. Navigate to **Automation → Playbooks**.
2. Select an existing **Collection** or create a new one.
3. Click **Add Playbook**.
4. Enter a name and click **Create**.
5. Choose **On Create** as the trigger step.
6. Enter a **Step Name**, select **Alerts** as the resource, then click **Save**.
7. Add the next step by selecting **Connector** under the **EXECUTE** section.
8. Search for `ilert` and select the ilert connector.
9. Enter a **Step Name**, select your previously created ilert configuration, and choose **Send alert event** as the action.
10. In **Inputs → alert**, enter: `{{vars.input.records[0]}}`.
11. Save the Playbook.
### Create a playbook triggered on alert update
1. Navigate back to your **Collection**.
2. Click **Add Playbook**.
3. Enter a name and click **Create**.
4. Choose **On Update** as the trigger step.
5. Enter a **Step Name**, select **Alerts** as the resource.
6. Add **Status Is Changed** as the trigger condition.
7. Click **Save**.
8. Add the next step and select **Connector** under the **EXECUTE** section.
9. Search for `ilert` and select the ilert connector.
10. Enter a **Step Name**, select your previously created ilert configuration, and choose **Send alert event** as the action.
11. In **Inputs → alert**, enter: `{{vars.input.records[0]}}`.
12. Click **Save**.
13. Save the playbook.
## FAQ
#### **Will alerts in ilert be resolved automatically?**
Yes, as soon as a FortiSOAR sends an alert event with field `status.itemValue` value set to `closed`, corresponding alert in ilert will be resolved.
#### **Will alerts in ilert be acknowledged automatically?**
Yes, as soon as a FortiSOAR sends an alert event with field `status.itemValue` value set to `investigating`, corresponding alert in ilert will be accepted.
#### **Can I test the integration?**
Yes. Create a test alert in FortiSOAR and verify that an alert appears in ilert.
