Integrating with External CMDB and Helpdesk Systems
Topics in this section include:
FortiSIEM Integration Framework Overview
External Helpdesk System Integration
Creating Inbound Policies for Updating Ticket Status from External Ticketing Systems
Creating Outbound Policies for Creating Tickets in External Helpdesk Systems
Searching for Tickets from or to External Systems
External CMDB Integration
Creating Inbound Policies for Importing Devices from an External System
Creating the CSV File for Importing Devices from External Systems
Creating Outbound Policies for Exporting CMDB Devices to External Helpdesk Systems
Setting Schedules for Receiving Information from External Systems
Using the AccelOps API to Integrate with External Systems
Exporting Events to External Systems via Kafka
FortiSIEM Integration Framework Overview
The FortiSIEM integration framework provides a way for you to create two-way linkages between FortiSIEM and workflow-based help centers like ServiceNow and ConnectWise, as well as external CMDBs.
The integration framework is based on creating policies for inbound and outbound communications with other systems, including sharing of incident and ticket information, and CMDB updates. Support is provided for creating policies to work with selected vendor systems, while the integration API lets you build modules to integrate with proprietary and other systems. Once you’ve created your integration policies, you can set them to execute once on a defined date and time, or on a regular schedule.
External Helpdesk System Integration
Creating Inbound Policies for Updating Ticket Status from External Ticketing Systems
Once a ticket has been opened in an external ticketing system, the status of the ticket is maintained in the external system. This section shows how to synchronize the external ticket status back to FortiSIEM.
Creating an integration policy
Create an integration policy for updating FortiSIEM external ticket state and incident status.
- Log into your FortiSIEM Supervisor with administrator credentials.
- Go to Admin > General Settings > Integration.
- Click Add.
- For Type, select Incident.
- For Direction, select Inbound.
- For Vendor, select the vendor of the system you want to connect to. ServiceNow and ConnectWise are supported out of the box. When you select the Vendor:
  - An Instance is created – this is the unique name for this policy. If you had two ServiceNow or ConnectWise installations, each would have a different Instance name. You can change this instance name.
  - A default Plugin Name is populated – this is the Java code that implements the integration, including connecting to the external help desk system and creating/updating the ticket. The plugin name is automatically populated for ServiceNow and ConnectWise. For other vendors, you have to create your own plugin and type in the plugin name here.
- For Host/URL, enter the host name or URL of the external system.
- For User Name and Password, enter a user name and password that the system can use to authenticate with the external system.
- Enter the Time Window – external ticket state for tickets closed in the external help desk/workflow system during the time window specified here will be synched back.
- Click Save.
Updating FortiSIEM external ticket state and incident status automatically on a schedule
- Log into your FortiSIEM Supervisor with administrator credentials.
- Go to Admin > General Settings > Integration.
- Click Schedule and then click +
- Select the integration policy
- Select a schedule
The following fields in a FortiSIEM incident are updated:
- External Ticket State
- Ticket State
- External Cleared Time
- External Resolve Time
Populating custom CMDB or extending current integration
Create a new plugin by following the instructions in the FortiSIEM ServiceAPI. The document is available on the FortiSIEM support portal under the FortiSIEM ServiceAPI section.
Creating Outbound Policies for Creating Tickets in External Helpdesk Systems
This section explains how to configure FortiSIEM to create tickets in external help desk systems.
Prerequisites
Make sure you have the URL and the credentials for connecting to external help desk systems. The credentials must have sufficient permission to make changes to the Incident view.
Procedure
Creating an integration policy
- Log into your FortiSIEM Supervisor with administrator credentials.
- Go to Admin > General Settings > Integration.
- Click Add.
- For Type, select Incident.
- For Direction, select Outbound.
- For Vendor, select the vendor of the system you want to connect to. ServiceNow and ConnectWise are supported out of the box. When you select the Vendor:
  - An Instance is created – this is the unique name for this policy. If you had two ServiceNow or ConnectWise installations, each would have a different Instance name. You can change this instance name.
  - A default Plugin Name is populated – this is the Java code that implements the integration, including connecting to the external help desk system and creating/updating the ticket. The plugin name is automatically populated for ServiceNow and ConnectWise. For other vendors, you have to create your own plugin and type in the plugin name here.
- For Host/URL, enter the host name or URL of the external system.
- For User Name and Password, enter a user name and password that the system can use to authenticate with the external system.
- Enter the Maximum number of incidents to be synched with the external system at a time.
- For Incident Comment Template, click Edit to format a string using Incident Attributes. This formatted string will be written to the ticket comment field in the external ticketing system. It works similarly to a custom email notification.
- For Org Mapping, click Edit to create mappings between the organizations in your FortiSIEM deployment and the names of the organization in the external system.
- ConnectWise specific field: ServiceBoard: Enter the name of the ServiceBoard where the incidents would be posted
- Click Save.
Creating tickets automatically when an incident triggers
- Create an integration policy
- Go to Analytics > Incident Notification Policy and create a Notification Policy.
- For Actions, check Invoke a Notification Policy. Then click Edit Policy and select an integration policy created in Step 1.
- Click Save.
The following fields in a FortiSIEM incident are updated after a ticket has been created in the external ticketing system:
- External Ticket ID
- External Ticket State
- External User (optional)
Creating tickets automatically on a schedule
- Log into your FortiSIEM Supervisor with administrator credentials.
- Go to Admin > General Settings > Integration.
- Click Schedule and then click +
- Select the integration policies
- Select a schedule
The following fields in a FortiSIEM incident are updated after a ticket has been created in the external ticketing system:
- External Ticket ID
- External Ticket State
- External User (optional)
Creating tickets on-demand (one-time)
- Log into your FortiSIEM Supervisor with administrator credentials.
- Go to Admin > General Settings > Integration.
- Select a specific integration policy and click Run.
The following fields in a FortiSIEM incident are updated after a ticket has been created in the external ticketing system:
- External Ticket ID
- External Ticket State
- External User (optional)
Populating custom CMDB or extending current integration
Create a new plugin by following the instructions in the FortiSIEM ServiceAPI. The document is available on the FortiSIEM support portal under the FortiSIEM ServiceAPI section.