USM Anywhere™

AlienApp for Fortinet FortiManager Orchestration

As USM Anywhere surfaces events, alarms, and vulnerabilities, you can use Fortinet FortiManager actions to respond to the events in your environment. Rather than manually adding addresses in the FortiManager user interface (UI) and entering the relevant information, you can use the AlienApp for Fortinet FortiManager response actions to automatically manage your FortiManager firewall using information from your USM Anywhere environment. The table below shows these actions.

Example of Alarms Generated from the Fortigate AlienApp
| Action | Function |
| --- | --- |
| Add Address to Static URL Filter | Run this action to add the source or destination address to a static URL filter in your FortiManager environment. |
| Add Address to Address Group | Run this action to add the destination address to a group in your FortiManager environment. If the group entered doesn't exist in FortiManager, it will be created by the action from USM Anywhere. |
| Add to Custom Category | Run this action to add an address to a group in your FortiManager environment. |
| Add Category to External Block List | Add items to your external block list using a custom category as a filter. |
| Add Domain to External Block List | Add a domain to your external block list. |
| Add IP Address to External Block List | Add an IP address to your external block list. |

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. From here, you can click one of the following tabs to display more information.

    • Actions: Displays information regarding the supported AlienApps actions.
    • History: Displays information about the executed actions.
    • Block List-IP Address: Displays the IP addresses in the external block list and enables you to modify them.
    • Block List-Domain: Displays the domains in the external block list and enables you to modify them.
    • Block List-Category: Displays the categories in the external block list and enables you to modify them.

External Block List

The external block lists for IP addresses, domains, and categories are all contained in the AlienApp for Fortinet FortiManager page (Data Sources > AlienApps > Fortinet FortiManager). For each tab, you can see the list of all the items on the block list, and you can remove individual items by clicking the icon next to the item. Each tab also contains three buttons above the list:

  • Add: Opens a dialog box to add an IP address, domain, or category to the list.
  • Import: Opens a dialog box to import a text file containing a list of IP addresses, domains, or categories into the list. This enables you to take a block list copied from another sensor and apply it to the current sensor.
  • Export: Exports the entire IP address, domain, or category list as a downloadable .txt file. This enables you to copy your block list to another sensor.
  • Clear: Clears the entire IP address, domain, or category list.
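
Added example, not part of the product documentation: a Python pre-import check for the Export and Import workflow above. It merges IP address and domain block lists exported from two sensors, removes duplicates, and holds back malformed or internal-range entries for review before the file is imported. The one-entry-per-line file layout, the function names, and the sample data are assumptions.

```python
import ipaddress
import re

# Assumption: an exported block list .txt file holds one entry per line.
# Ranges that normally belong to your own environment, not to a block list.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def classify(entry):
    """Return (kind, normalized_value, warning); kind is ip, domain or invalid."""
    value = entry.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        if _DOMAIN_RE.match(value):
            return "domain", value, None
        return "invalid", value, "not an IP address or domain"
    # Blocking internal space usually cuts off your own hosts: flag it.
    warn = "internal address" if any(ip in net for net in INTERNAL) else None
    return "ip", str(ip), warn

def merge_block_lists(*texts):
    """Merge exported lists into (ips, domains, review) without duplicates."""
    ips, domains, review, seen = [], [], [], set()
    for text in texts:
        for line in text.splitlines():
            if not line.strip():
                continue
            kind, value, warn = classify(line)
            if warn:
                review.append((value, warn))  # held back, never imported
            elif value not in seen:
                seen.add(value)
                (ips if kind == "ip" else domains).append(value)
    return ips, domains, review

# Constructed sample exports from two sensors (documentation-range addresses).
SENSOR_A = "203.0.113.10\nbad.example.com\n10.0.0.5\n"
SENSOR_B = "203.0.113.10\n198.51.100.7\nBad.Example.com.\nnot a host\n"

if __name__ == "__main__":
    ips, domains, review = merge_block_lists(SENSOR_A, SENSOR_B)
    print("\n".join(ips + domains))  # content for the file to import
    for value, warn in review:
        print(f"REVIEW {value}: {warn}")
```

Write the IP addresses and the domains to separate files, since each list has its own tab and its own Import button.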