Challenge:
Ingest alerts into CyOPs through an API. Different APIs return different JSON output, so the keys received in that JSON have to be segregated and mapped to the CyOPs alert fields.
Solution:
The API output is captured in {{vars.result}} in the playbook step. The JSON in {{vars.result}} can be stored in variables, and those variables are then used to map keys to fields in the CyOPs alert.
How to:
1. Create a playbook with an API trigger step.
2. Add the API endpoint.
3. The output of the API step looks like:
4. The result of an API call is stored in the environment variable vars.result. It can be referenced as {{ vars.result }}.
5. Variables are referenced as individual key values from the API call output.
6. Example: vars.result.body references the key body; storing it in a variable api_call_result_body lets you reference that part of the API call result later in the playbook.
7. As seen in the screenshot below, the api_call_result variable stores the entire output/result of the API call.
8. These variables can then be used as inputs to fill the Create Record step.
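As an added example (not code from this article or from CyOPs itself), the mapping described in steps 4 to 8 written out in Python: two constructed API outputs stand in for what {{ vars.result }} holds, a per-API map ties assumed alert field names to dotted key paths (the equivalent of vars.result.body.<key>), and a resolver tolerates missing keys so the Create Record step does not receive undefined values. The alert field names, the severity scale and the sample payloads are assumptions.

```python
# Added example: map differing API JSON outputs into one set of alert fields.
# Field names, severity scale and payloads are constructed assumptions.
import json

# Constructed stand-ins for {{ vars.result }} after an API step, for two APIs
# that return differently shaped JSON in "body".
VARS_RESULT_API_A = {
    "status": 200,
    "body": {"id": "A-1001", "title": "Suspicious login", "sev": 3,
             "src": {"ip": "203.0.113.5"}},
}
VARS_RESULT_API_B = {
    "status": 200,
    "body": {"alert_id": 77, "summary": "Malware beacon", "priority": "High",
             "source_address": "198.51.100.9"},
}

# Per-API mapping: assumed alert field -> dotted path into vars.result,
# i.e. the same thing a playbook expresses as vars.result.body.<key>.
FIELD_MAPS = {
    "api_a": {"name": "body.title", "severity": "body.sev",
              "source_ip": "body.src.ip", "external_id": "body.id"},
    "api_b": {"name": "body.summary", "severity": "body.priority",
              "source_ip": "body.source_address", "external_id": "body.alert_id"},
}

# Normalise both APIs' severity encodings onto one (assumed) alert scale.
SEVERITY_MAP = {1: "Low", 2: "Medium", 3: "High",
                "Low": "Low", "Medium": "Medium", "High": "High"}

def get_path(data, dotted, default=None):
    """Resolve 'body.src.ip' against nested dicts; default if any key is absent."""
    cur = data
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur

def build_alert_record(api_name, vars_result):
    """Build the Create Record input for one API's output; fail on a non-200 call."""
    if vars_result.get("status") != 200:
        raise ValueError(f"{api_name}: API step returned status {vars_result.get('status')}")
    record = {"source": api_name}
    for field, path in FIELD_MAPS[api_name].items():
        record[field] = get_path(vars_result, path)
    record["severity"] = SEVERITY_MAP.get(record["severity"], "Unknown")
    if record["external_id"] is not None:
        record["external_id"] = str(record["external_id"])  # alert ids stored as text
    return record

if __name__ == "__main__":
    for name, result in (("api_a", VARS_RESULT_API_A), ("api_b", VARS_RESULT_API_B)):
        print(json.dumps(build_alert_record(name, result), indent=2))
```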
Copyright 2024 Fortinet, Inc. All Rights Reserved.