Sync FortiEDR (Fortinet Endpoint Detection and Response) with Oomnitza to surface key information about assets and software.
Before you start
It's best practice to create a dedicated user account for each integration. A dedicated account makes it easier to find the records that are uploaded to Oomnitza from the vendor application.
To sync FortiEDR with Oomnitza, you must retrieve the following information from FortiEDR:
Organization ID. A unique identifier which can be found on the Administration > Licensing tab.
Adding global variables
Save time when you create integrations and run workflows by adding connection information as global variables.
- Click Configuration > General > Global Settings.
- Click Add new variable.
- Add the key value, which is the name of the variable.
- Enter the value.
- Save your changes.
The name of the key value is FortiEDR.ORG ID and the value is the Org ID.
Username and password. Your FortiEDR username and password.
Adding credentials
- Click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward button > to select the integration.
- Enter the username and password of your account.
- Click Create.
Integration not in the list? Click Advanced Mode and complete these steps:
- Add the information details.
- Click the AUTHORIZATION tab.
- Ensure that Basic Auth is selected as the authorization type.
- Enter the username and password.
- Click Create.
Creating the integration
- In Oomnitza, click Configuration > Integrations > Overview.
- Click Block view.
- Scroll down to the Extended section for asset integrations.
- Click NEW INTEGRATION.
- Select the integration in the sidebar.
- Click ADD.
Integration details overview
More information is provided about the following fields to help you complete the integration:
Software data
Depending on the asset integration, an option might be available to ingest desktop software information such as the name and version of the software installed on an asset. To view the software information in Oomnitza, you must have the software module.
Installation types
- Cloud. Store credentials in the Oomnitza cloud.
- Local. Store credentials locally. If you want to sync Oomnitza with vendor applications that require AWS or OAuth authentication, select Cloud as the type of installation. Local installations don't support AWS and OAuth authentication.
Integration preferences
- Create & Update. Add and update records.
- Create only. Add records.
- Update only. Update records.
Integration details
To review or update the integration details, click Edit.
When you edit the Integration details section, you can select the name or names of integration contacts. Integration contacts receive an in-app notification and an email when the integration fails, when the integration fails to complete within 24 hours, or when the scheduled integration fails to run.
- Update the integration name.
- Select an installation type.
- For integration preferences, select an option.
- Enter the name of the integration user.
Credential details
If you selected Cloud as the installation type, choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials.
Scheduling the integration
By default, data is synced once every day. Change the interval or the time so that the data is streamed when your system isn't busy.
- Click Edit.
- Make and save your changes.
Mapping fields to Oomnitza
To map the fields to Oomnitza, click Edit.
Select Edit integration to add rules for syncing data.
Filtering integration results.
Click SMART MAPPING.
You can add new fields to your integration by selecting Add new field on the mapping page.
Creating custom API fields.
Mappable fields
Architecture
Build Number
Collector Group Name
Device Name
Domain DNS Name
Domain SID
Firmware Version
ID
Installation Date
IP Address
Is In Domain
Kernel Variant
Kernel Version
Last Seen Time
Machine SID
Motherboard Serial Number
Operating System Organization
OS Family
OS Full Name
OS Name
OS Version
Part Number
Physical Available
Physical Total
Product
State
State Additional Info
Storage Size Bytes
Vendor
Version
Virtual Available
Virtual Total
Drag and drop
You can map additional fields to Oomnitza.
- Drag and drop the fields in the Oomnitza column.
- Rename the field.
- Make your changes.
- Save your changes.
Selecting sync keys
You must select at least one field as the sync key field. To ensure that the sync runs successfully, the field must contain unique values such as the serial number of an asset record or the email address of a user record. Records that do not contain a value for the sync key are skipped.
See Configuring multiple sync keys.
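The sync key rule above can be checked against a data export before launch. The following is an added example, not Oomnitza or Fortinet code: the record layout, the sample values and the trim-and-case-fold comparison are assumptions, and the dictionary keys reuse names from the mappable fields list.

```python
from collections import defaultdict

# Constructed sample records; keys reuse names from the mappable fields list.
SAMPLE_RECORDS = [
    {"ID": 101, "Device Name": "ws-001", "Motherboard Serial Number": "SN-A1"},
    {"ID": 102, "Device Name": "ws-002", "Motherboard Serial Number": "sn-a1 "},
    {"ID": 103, "Device Name": "ws-003", "Motherboard Serial Number": ""},
    {"ID": 104, "Device Name": "ws-004", "Motherboard Serial Number": None},
    {"ID": 105, "Device Name": "ws-005", "Motherboard Serial Number": "SN-B7"},
    {"ID": 106, "Device Name": "ws-006"},
]


def normalize(value):
    """Trim and case-fold so 'SN-A1' and 'sn-a1 ' compare equal (assumed policy)."""
    if value is None:
        return ""
    return str(value).strip().casefold()


def audit_sync_key(records, sync_key, id_field="ID"):
    """Find records with no sync key value (these would be skipped) and
    values shared by several records (these break uniqueness)."""
    skipped = []
    seen = defaultdict(list)
    for rec in records:
        key = normalize(rec.get(sync_key))
        if not key:
            skipped.append(rec.get(id_field))
        else:
            seen[key].append(rec.get(id_field))
    duplicates = {k: ids for k, ids in seen.items() if len(ids) > 1}
    return {"skipped": skipped, "duplicates": duplicates}


def candidate_sync_keys(records, fields):
    """Return the fields that are populated and unique on every record."""
    good = []
    for field in fields:
        report = audit_sync_key(records, field)
        if not report["skipped"] and not report["duplicates"]:
            good.append(field)
    return good


if __name__ == "__main__":
    fields = ["ID", "Device Name", "Motherboard Serial Number"]
    print(audit_sync_key(SAMPLE_RECORDS, "Motherboard Serial Number"))
    print(candidate_sync_keys(SAMPLE_RECORDS, fields))
```

A field that reports skipped or duplicate entries here leaves assets out of the inventory or merges distinct assets into one record, so it is a poor choice as the only sync key.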
Test
To test the integration, click the tile in the SaaS Management Integration section and click RUN NOW. To check for errors, click Sync Sessions.
Launching the integration
Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, see Running an extended integration.
If you selected Local as the installation type when creating the integration, see Running an extended integration locally.
Viewing data ingested by Oomnitza
Viewing ingested asset data
For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.
Viewing ingested user data
For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab.