CyOPs™ provides you with the ability to view the nodes related to a particular record visually. In the Editable Form Group and Summary widgets, you can choose the Correlations Graph option for fields that have their field type set as Text Area.
Following is an image of a sample Correlation Graph that you can view in the Detail view of an Alert record:
To build a Correlation Graph, you must provide the input data in a particular JSON format, an example of which follows:
[
  {
    "id": "/api/3/alerts/e627b3c3-b3db-41ca-8291-d3eb1e40760b",
    "data": {
      "$type": "star",
      "$color": "#e31b1d"
    },
    "name": "ALERT-408: IMAP -WIN-EXCH.cyo...",
    "adjacencies": [
      {
        "data": {},
        "nodeTo": "/api/3/incidents/22e6291d-3908-4bf9-a151-08bfaef8dcfb",
        "nodeFrom": "/api/3/alerts/e627b3c3-b3db-41ca-8291-d3eb1e40760b"
      }
    ]
  },
  {
    "id": "/api/3/incidents/22e6291d-3908-4bf9-a151-08bfaef8dcfb",
    "data": {
      "$type": "square",
      "$color": "#DE7A13"
    },
    "name": "INCIDENT-414: Security Lock C...",
    "adjacencies": [
      {
        "data": {},
        "nodeTo": "/api/3/alerts/e627b3c3-b3db-41ca-8291-d3eb1e40760b",
        "nodeFrom": "/api/3/incidents/22e6291d-3908-4bf9-a151-08bfaef8dcfb"
      }
    ]
  }
]
The Code-Snippet connector, which is a CyOPs™ Built-in connector, is one of the ways to build this JSON format.
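The following Python code is an added example, not part of the CyOPs™ documentation or of the shipped Generate Node Graph playbook. It builds the JSON structure shown above from a set of related records and checks it for dangling or mismatched edges before the result is written to the Text Area field. The function names, the module-to-style mapping, and the choice to list each relation on both nodes are assumptions drawn from the sample JSON.

```python
import json

# Shapes and colours copied from the sample JSON on this page; the mapping
# from module name to style is an assumption made for this example.
STYLES = {
    "alerts": {"$type": "star", "$color": "#e31b1d"},
    "incidents": {"$type": "square", "$color": "#DE7A13"},
}


def build_graph(records, relations):
    """records: {iri: display name}; relations: iterable of (iri_a, iri_b) pairs."""
    nodes = {}
    for iri, name in records.items():
        module = iri.split("/")[3]  # IRI layout: "/api/3/<module>/<uuid>"
        nodes[iri] = {"id": iri, "data": dict(STYLES[module]),
                      "name": name, "adjacencies": []}
    for a, b in relations:
        # The sample lists each relation on both nodes, so mirror it here.
        for src, dst in ((a, b), (b, a)):
            nodes[src]["adjacencies"].append(
                {"data": {}, "nodeTo": dst, "nodeFrom": src})
    return list(nodes.values())


def validate_graph(graph):
    """Return a list of problems; an empty list means the structure is consistent."""
    problems = []
    ids = {n.get("id") for n in graph}
    for node in graph:
        for key in ("id", "data", "name", "adjacencies"):
            if key not in node:
                problems.append(f"{node.get('id')}: missing '{key}'")
        for adj in node.get("adjacencies", []):
            if adj.get("nodeFrom") != node.get("id"):
                problems.append(f"{node.get('id')}: nodeFrom does not match node id")
            if adj.get("nodeTo") not in ids:
                problems.append(f"{node.get('id')}: nodeTo {adj.get('nodeTo')} is not a node")
    return problems


# Record IRIs and names taken from the sample on this page.
ALERT = "/api/3/alerts/e627b3c3-b3db-41ca-8291-d3eb1e40760b"
INCIDENT = "/api/3/incidents/22e6291d-3908-4bf9-a151-08bfaef8dcfb"
graph = build_graph({ALERT: "ALERT-408: IMAP -WIN-EXCH.cyo...",
                     INCIDENT: "INCIDENT-414: Security Lock C..."},
                    [(ALERT, INCIDENT)])

if __name__ == "__main__":
    print(validate_graph(graph) or json.dumps(graph, indent=2))
```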
For the Correlations Graph to be rendered, this JSON input must be passed to fields that have their field type set as Text Area. To include the Correlations Graph option in a field, you must do the following:
Navigate to the module where you want the Correlations Graph to be displayed, for example, Alerts, and click a record in this module to open the Detail view of this module.
Click Edit Template to open the Template Editor and modify the interface.
Click Edit in the Editable Form Group and modify the field, which has its field type set as Text Area, for example, Correlations Graph.
Click the v icon in the Correlations Graph field to display more options and from the Text Editor drop-down list select Correlations Graph.
Click Save and Apply Changes.
Now, when you open the alert record in the detail view, you will see the visual correlations displayed (based on your input JSON) as shown in the following image:
In the CyOPs™ 4.12.2 community edition, the Correlations Graph has been configured for the Correlations Graph field in the Alerts, Incidents, and Indicator modules.
Following are the steps that you must perform to view correlations visually in the CyOPs™ 4.12.2 community edition:
Name for the configuration.
Note: The Correlations Graph is static, i.e., if you add a relation it will not automatically get reflected. For example, if you relate an indicator with an alert, the Correlations Graph will not automatically reflect this update. You will have to regenerate the Correlations Graph by, for example, re-executing the Generate Node Graph playbook to get the updated content and reflect the changes on the graph.
To change how the Correlations Graph is configured or to add any relations, do the following:
Playbooks page, in the Collections tab, click 10 - Utilities.
10 - Utilities pane, click the Generate Node Graph playbook.
Playbook Designer, click the Set Variable step, named Configurations.
relation_config field, in the Variables section. You can add relations or change the configuration by editing this field:
Adjacency Graphs, contains the default Python code based on which the correlation graph is created. DO NOT CHANGE THIS STEP.