This app uses the information provided by the FortiNDR Cloud Service to perform containment and investigative actions in Splunk SOAR.
Supported Actions
- test connectivity: Validate the asset configuration for connectivity using supplied configuration
- on poll: Retrieve latest Detections from the FortiNDR Cloud Service
- get sensors: Get a list of all sensors
- get devices: Get a list of all devices
- get tasks: Get a list of all the PCAP tasks
- create task: Create a new PCAP task
- get telemetry events: Get event telemetry data grouped by time
- get telemetry packetstats: Get packetstats telemetry data grouped by time
- get telemetry network: Get network telemetry data grouped by time
- get entity summary: Get summary information about an IP or domain
- get entity pdns: Get passive DNS information about an IP or domain
- get entity dhcp: Get DHCP information about an IP address
- get entity file: Get information about a file
- get detections: Get information about the detections
- get detection rules: Get a list of detection rules
- resolve detection: Resolve a specific detection
- get rule events: Get a list of the events that matched on a specific rule
- get detection events: Get a list of the events associated with a specific detection
- create detection rule: Create a new detection rule