Playbook for IP blocking using FortiGate Firewall

Jwala Singh 1 Reputation point
2022-04-24T05:50:23.487+00:00

Hi All

Could someone please help me with how to achieve automatic IP blocking by using the Sentinel SOAR capability. In our environment, we are using FortiGate Firewall.

Could you please give the list of requirements from FortiGate Firewall and how I can achieve them, and the requirements from the Sentinel side.

Any help will be highly appreciated.

Thanks


1 answer

  1. Andrew Blumhardt 9,576 Reputation points Microsoft Employee
    2022-04-25T12:28:10.287+00:00

    A similar option is available in Sentinel as a Content Hub solution. My recommendation would be to deploy the Content Hub solution and work through the various playbooks and components. I am not sure if anyone here would have the specific answers you are looking for. The best way to learn the solution is through testing and reviewing the logic. You may find the need for some additional development. These solutions and playbooks are often starting points or a proof of concept. The simple answer is that the Logic Apps will use a series of API-based activities that will each need to be authenticated. On the Microsoft side that would be a managed identity or service principal. For FortiGate it sounds like it would be an API key (assuming there is an accessible FortiGate endpoint).

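The answer above describes the playbook as a chain of authenticated API calls: read the IP entities out of the Sentinel incident, then talk to the FortiGate REST API with an API key. The following is an added example, not code from the original thread or from any Microsoft or Fortinet solution, that shows that chain in plain Python so the logic can be reviewed before it is rebuilt as Logic App actions. It assumes the FortiGate cmdb endpoints `/api/v2/cmdb/firewall/address` and `/api/v2/cmdb/firewall/addrgrp/<group>` with bearer-token (API key) authentication and a `results` list in GET responses, and a simplified Sentinel entity shape of `{"kind": "Ip", "properties": {"address": ...}}`; verify both against your FortiGate version's API reference and the actual output of the Sentinel incident trigger. The incident, the firewall host name, the API key and the in-memory firewall stand-in are all constructed for the example.

```python
"""Added example: the core steps of a Sentinel-to-FortiGate IP blocking playbook."""
import ipaddress
from typing import Callable, Dict, List

# Constructed sample of what the Sentinel incident trigger hands to a playbook.
# 203.0.113.0/24 is a documentation range, used here only as a placeholder.
SAMPLE_INCIDENT = {
    "properties": {"title": "Brute force from external IP", "severity": "High"},
    "entities": [
        {"kind": "Ip", "properties": {"address": "203.0.113.45"}},
        {"kind": "Ip", "properties": {"address": "10.0.0.5"}},        # internal, never block
        {"kind": "Ip", "properties": {"address": "203.0.113.45"}},    # duplicate entity
        {"kind": "Account", "properties": {"accountName": "jdoe"}},   # not an IP
        {"kind": "Ip", "properties": {"address": "not-an-ip"}},       # malformed
    ],
}

# RFC 1918 ranges; blocking these on the perimeter firewall is almost always a mistake.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def extract_blockable_ips(incident: dict, never_block=()) -> List[str]:
    """Return unique, public, syntactically valid IP entities not on the allowlist."""
    out: List[str] = []
    for ent in incident.get("entities", []):
        if ent.get("kind") != "Ip":
            continue
        raw = ent.get("properties", {}).get("address", "")
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # a malformed entity must not abort the whole playbook
        if any(ip in net for net in INTERNAL_NETS) or ip.is_loopback or ip.is_link_local \
                or ip.is_multicast or ip.is_unspecified or ip.is_reserved:
            continue
        if str(ip) in never_block or str(ip) in out:
            continue
        out.append(str(ip))
    return out


def obj_name(ip: str) -> str:
    """Deterministic FortiGate address-object name so reruns are idempotent."""
    return "SENTINEL_" + ip.replace(".", "_").replace(":", "_")


def run_playbook(incident: dict, send: Callable[[dict], dict], fortigate_host: str,
                 api_key: str, group_name: str = "Sentinel_Blocklist", vdom: str = "root",
                 never_block=()) -> Dict:
    """Create one address object per IP, then add them to the group a deny policy references.

    `send` is the HTTP transport (in a Logic App this is the HTTP action); every call
    carries the API key, which should come from Key Vault rather than a workflow literal.
    """
    base = f"https://{fortigate_host}/api/v2/cmdb/firewall"   # assumed endpoint layout
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    ips = extract_blockable_ips(incident, never_block)
    if not ips:
        return {"blocked": [], "calls": 0}
    for ip in ips:  # step 1: one address object per IP
        send({"method": "POST", "url": f"{base}/address?vdom={vdom}", "headers": headers,
              "json": {"name": obj_name(ip), "type": "ipmask", "subnet": f"{ip}/32",
                       "comment": "Added by Sentinel playbook"}})
    # step 2: read current membership so the update is additive, not a replacement
    current = send({"method": "GET", "url": f"{base}/addrgrp/{group_name}?vdom={vdom}",
                    "headers": headers})
    members = {m["name"] for m in current.get("results", [{}])[0].get("member", [])}
    members.update(obj_name(ip) for ip in ips)
    send({"method": "PUT", "url": f"{base}/addrgrp/{group_name}?vdom={vdom}",   # step 3
          "headers": headers, "json": {"member": [{"name": n} for n in sorted(members)]}})
    return {"blocked": ips, "calls": len(ips) + 2}


class FakeFortiGate:
    """Constructed in-memory stand-in for the firewall so the example runs offline."""

    def __init__(self, existing_members=()):
        self.addresses: Dict[str, str] = {}
        self.members = list(existing_members)
        self.calls: List[dict] = []

    def send(self, call: dict) -> dict:
        self.calls.append(call)
        if not call["headers"].get("Authorization", "").startswith("Bearer "):
            raise PermissionError("unauthenticated call")  # every activity must carry auth
        if call["method"] == "POST":
            self.addresses[call["json"]["name"]] = call["json"]["subnet"]
        elif call["method"] == "GET":
            return {"results": [{"member": [{"name": m} for m in self.members]}]}
        elif call["method"] == "PUT":
            self.members = [m["name"] for m in call["json"]["member"]]
        return {"status": "success"}


if __name__ == "__main__":
    fw = FakeFortiGate(existing_members=["SENTINEL_198_51_100_7"])
    print(run_playbook(SAMPLE_INCIDENT, fw.send, "fw.example.internal", "PLACEHOLDER_API_KEY"))
    print("group members:", fw.members)
```

The allowlist and the RFC 1918 filter are the parts worth carrying into the real Logic App: an automation that can push arbitrary incident entities into a perimeter deny group is itself a way to cause an outage, so the playbook should refuse internal addresses and a short list of never-block IPs, and the address group should be referenced by a single, reviewed deny policy rather than having the playbook edit policies directly.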