FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
Andy_G
Staff
Article Id 197845
Description

Importing the BPMN Shareable Workflows as a CyOPs™ Playbooks


CyOPs™ 5.0.0 provides you with the ability to convert BPMN Shareable Workflows to CyOPs™ playbooks. Business Process Model and Notation (BPMN) is a tool with which you can create flowcharts, and these flowcharts tend to be specific to cybersecurity workflows. This feature therefore lets you import your BPMN workflows and convert them directly into CyOPs™ playbooks, without having to create the same workflow again in CyOPs™.


Solution

Import the BPMN Shareable Workflows into CyOPs™ as follows:

  1. Export your BPMN Shareable Workflows from your tool, such as Flowable or Camunda.  
    BPMN workflows are exported in the XML format.

  2. To import the BPMN workflows into CyOPs™:  
    Note: CyOPs™ 5.0.0 supports importing only a single BPMN workflow, i.e., you cannot import a collection of BPMN workflows.


    1. Log into CyOPs™ and click Automation > Playbooks in the left navigation bar.

    2. Click Import BPMN [Beta], which opens the Import BPMN dialog.  
      Note: In CyOPs™ 5.0.0, we are providing a Beta Version of this feature so that users can get a preview of this feature.

      In the Import BPMN dialog, do the following:

      1. From the BPMN Tool drop-down list, select the tool in which you have created your BPMN workflows.  
        Note: CyOPs™ 5.0.0 supports Flowable and Camunda.

      2. From the BPMN Output Format drop-down list, select the output format to which you want to convert your BPMN workflow.  
        Note: CyOPs™ 5.0.0 supports only XML as an output format.

      3. Drag and drop the BPMN XML file, or click the Import icon and browse to the XML file, to import the BPMN XML file into CyOPs™.  
        If the XML of the BPMN workflow contains errors, a warning is displayed in the Import BPMN dialog, giving the reason why the XML cannot be imported into CyOPs™.  
        If the XML of the BPMN workflow does not contain any mismatched elements or any other errors, you can import the workflow as a playbook in CyOPs™.  
        To import the BPMN workflow file, click Import. This imports the workflow as a playbook in CyOPs™ with the same name as the workflow.  
        Note: The name of the playbook must be unique, i.e., if you have two workflows with the same name that you want to import, you must either change the name of the playbook or click the Replace existing playbook checkbox to replace the existing playbook.

    CyOPs™ displays the imported workflow in the Playbook Designer. You can now edit the playbook as required in CyOPs™ and easily create the automated workflow.


Translation of BPMN workflow steps into CyOPs™ steps in playbooks

The following table specifies which BPMN workflow steps, Flowable in this case, map to which CyOPs™ steps in playbooks:

| Flowable (BPMN) step | CyOPs™ steps | Notes |
| --- | --- | --- |
| SequenceFlows | Routes | Any SequenceFlows defined in your BPMN workflow get converted to a Decision step in CyOPs™ playbooks. |
| StartEvents | Trigger steps | Your BPMN workflow must have a “Start” event, which is the starting point of the BPMN workflow. The Start event in the BPMN workflow gets converted to a Manual Trigger in CyOPs™ playbooks. |
| Gateways | Decision Step | Your BPMN workflow must have a “Flow Condition” input which must be referenced to the Gateway ID. |
| UserTasks | Manual Tasks step | Note: If the <userTask> is not created according to CyOPs™ Manual Task step requirements, then a generic manual task step is created in the CyOPs™ playbook instead of failing the playbook. After you import the workflow you can update the manual task step. |
| ServiceTasks | Create Record step or Update Record step | A <serviceTask> in your BPMN workflow must have the following: <br />- A “Class” attribute to validate the model. <br />- The “Class” attribute must be specified as a module. <br />- Addition of a “Class field” which contains either Create or Update. |
| ScriptTasks | Connector step or Code Snippet step | A <scriptTask> in your BPMN workflow must have the following: <br />- Name = {{ConnectorName}} <br />- scriptFormat = {{CyOPs Connector Action}} <br />- <script> => CDATA[ {{property mapping}} ] <br />Note: If the connector that you have defined in the <scriptTask> step is not installed in your CyOPs™ instance, then a generic connector step is created in the CyOPs™ playbook instead of failing the playbook. After you import the workflow you can update the connector step. |
| MailTasks | SMTP step | The mailTask is a type of <serviceTask> and it must be defined in your BPMN workflow as follows: <br /><serviceTask> <br />Flowable:type = mail |
| HttpTasks | CyOPs Utility Step (REST API call) | The httpTask is a type of <serviceTask> and it must be defined in your BPMN workflow as follows: <br /><serviceTask> <br />Flowable:type = http |
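
A pre-import check built from the mapping table above, as an added example that is not part of the original article or of CyOPs™ itself: it parses a Flowable BPMN export, lists the playbook step each element should become, and flags elements that miss the stated requirements. It assumes the standard BPMN and Flowable XML namespaces, that the “Class” attribute is Flowable's `flowable:class`, and that a single workflow means a single `<process>` element; the sample XML and the `precheck` name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

BPMN = "{http://www.omg.org/spec/BPMN/20100524/MODEL}"
FLOWABLE = "{http://flowable.org/bpmn}"
SIMPLE = {"startEvent": "Manual Trigger", "sequenceFlow": "Route",
          "userTask": "Manual Task step", "scriptTask": "Connector or Code Snippet step"}
SERVICE = {"mail": "SMTP step", "http": "CyOPs Utility step (REST API call)"}

def precheck(xml_text):
    """Return (plan, warnings); plan is a list of (element id, CyOPs step)."""
    # Shared workflow files are untrusted input: refuse DTDs and entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in BPMN file")
    processes = ET.fromstring(xml_text).findall(BPMN + "process")
    plan, warnings = [], []
    if len(processes) != 1:  # assumption: one workflow == one <process>
        warnings.append(f"expected one workflow, found {len(processes)}")
    for proc in processes:
        if proc.find(BPMN + "startEvent") is None:
            warnings.append(f"{proc.get('id')}: no Start event")
        for el in proc:
            tag, eid = el.tag.replace(BPMN, ""), el.get("id")
            if tag.endswith("Gateway"):
                step = "Decision step"
            elif tag == "serviceTask":
                kind = el.get(FLOWABLE + "type")
                step = SERVICE.get(kind, "Create Record or Update Record step")
                if kind not in SERVICE and not el.get(FLOWABLE + "class"):  # assumed attr
                    warnings.append(f"{eid}: serviceTask has no class attribute")
            elif tag in SIMPLE:
                step = SIMPLE[tag]
                if tag == "scriptTask" and not (el.get("name") and el.get("scriptFormat")
                                                and el.find(BPMN + "script") is not None):
                    warnings.append(f"{eid}: scriptTask needs name, scriptFormat, <script>")
            else:
                continue  # element type not covered by the mapping table
            plan.append((eid, step))
    return plan, warnings

# Constructed sample, not one of the article's attachments.
SAMPLE = """<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL"
    xmlns:flowable="http://flowable.org/bpmn">
  <process id="phishing_triage">
    <startEvent id="start"/>
    <sequenceFlow id="f1" sourceRef="start" targetRef="notify"/>
    <serviceTask id="notify" flowable:type="mail"/>
    <scriptTask id="enrich" name="example-connector"/>
    <serviceTask id="record"/>
  </process>
</definitions>"""
```

Calling `precheck(SAMPLE)` returns the planned steps plus two warnings, one for the incomplete `<scriptTask>` and one for the `<serviceTask>` without a class; per the table, the importer would create generic steps for such elements rather than fail.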



CyOPs™ 5.0.0 introduces the CyOPs BPMN To CyberSponse Playbooks connector, which is used to convert BPMN workflows that are created in tools such as Flowable or Camunda to CyOPs™ playbooks.

This connector is ready to use, and you do not need to configure it. For more information on BPMN workflows and how they can be imported and used as CyOPs™ playbooks, see the Importing the BPMN Shareable Workflows as a CyOPs™ Playbooks topic in the Playbooks Overview chapter in the "Playbooks Guide."


Attached are some sample BPMN XML files of workflows created in Flowable.




