FortiNDRCloud

This app allows the use of the information provided by the FortiNDR Cloud Service to perform containment and investigative actions on Splunk SOAR

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• on poll: Retrieve latest Detections from the FortiNDR Cloud Service
• get sensors: Get a list of all sensors
• get devices: Get a list of all devices
• get tasks: Get a list of all the PCAP tasks
• create task: Create a new PCAP task
• get telemetry events: Get event telemetry data grouped by time
• get telemetry packetstats: Get packetstats telemetry data grouped by time
• get telemetry network: Get network telemetry data grouped by time
• get entity summary: Get summary information about an IP or domain
• get entity pdns: Get passive DNS information about an IP or domain
• get entity dhcp: Get DHCP information about an IP address
• get entity file: Get information about a file
• get detections: Get information about the detections
• get detection rules: Get a list of detection rules
• resolve detection: Resolve a specific detection
• get rule events: Get a list of the events that matched on a specific rule
• get detection events: Get a list of the events associated with a specific detection
• create detection rule: Create a new detection rule