Configure FortiEDR for Arctic Wolf Active Response

With the Active Response service, Arctic Wolf® can perform host-based response actions in your network using FortiEDR®.

FortiEDR supports these response actions:

  • Contain a host/Remove from containment
For more information, see Response action descriptions.

These resources are required:

  • Administrator access to the FortiEDR Central Manager
  • Contact your CST to validate the Active Response integration. Have a device or environment ready that Arctic Wolf can use to validate the desired response actions without causing interruptions.

Create a Senior Analyst role

  1. Sign in to the FortiEDR Central Manager as an administrator.
    Your FortiEDR Central Manager URL is in the format https://your_instance.fortiedr.com/.
  2. Navigate to Administration > Users.
  3. Click + Add User.
  4. In the User Details dialog, enter the user details as required.
  5. In the Role list, select Senior Analyst.
  6. Select Rest API.
  7. Click Save.
  8. Sign in to the new Senior Analyst account, and then change the password.
    You will provide the account user name and password to Arctic Wolf later.

Provide FortiEDR Active Response credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Integrations.
  3. On the Active Response tab, click New Active Response Integration +.
  4. Click FortiEDR.
  5. On the New Active Response Integration page, configure these settings:
    • Integration Name — Enter a unique and descriptive name for the integration.
    • Base URL for FortiEDR Management Service — Enter the URL for the FortiEDR version that you are providing credentials for.
    • Organization ID — Enter your organization name from the FortiEDR Central Manager in the Administration > Licensing section.
    • Client ID — Enter the user name that you created for the new user in Create a Senior Analyst role.
    • Client Secret — Enter the password for the new user that you created in Create a Senior Analyst role.
  6. Click Save Integration.