Azure Blob integration

This page includes:

• Azure Blob integration
  • About the Azure Blob integration
  • Prerequisites
  • The Azure Blob integration procedure
  • Additional configurations
  • Flow chart diagram

Note: Before implementing this channel integration, contact your Customer Success Manager for FortiMail Workspace Security to make sure that this functionality is included in your current FortiMail Workspace Security license.

About the Azure Blob integration

FortiMail Workspace Security can be integrated with various products. This page explains what configurations are required to integrate FortiMail Workspace Security with Azure Blob - to enhance your Azure Blob security. Perception Point’s Azure Blob Threat Detection [ABTD] monitors your Azure Blob Storage account containers for malicious file uploads. This page describes what must be performed by FortiMail Workspace Security Support and what must be performed by you, the customer, to perform the integration.

When FortiMail Workspace Security is integrated with Azure Blob, FortiMail Workspace Security scans every file that is uploaded to a specified container in Azure Blob. Scan details are included in the Scans page in FortiMail Workspace Security.

Azure Blob Threat Detection [ABTD] runs as an Azure Function in your account, utilizing an Azure Blob storage trigger for Azure Functions. This trigger polls a specified container every few seconds, to detect file upload events. Every time a file upload event is generated, the function creates a temporary shared access signature (SAS) token for that specific file. The SAS token is then sent to FortiMail Workspace Security, along with the file’s Uniform Resource Identifier (URI). FortiMail Workspace Security then downloads the file and performs the scan. The result of the scan is available in the Scans page in FortiMail Workspace Security.

Quarantine functionality is currently not available for the "FortiMail Workspace Security - Azure Blob" integration.

Prerequisites

In order to perform the required integration with FortiMail Workspace Security, make sure that you have the following prerequisites:

• Python 3 based Azure Function App using App Service Plan (See Function App configuration below)

• Azure Blob Storage account with Blob containers

The Azure Blob integration procedure

The integration procedure below requires basic knowledge of git, and includes a modification of a JSON file.

1. Clone the latest repository [that contains everything that is needed to configure the Function App], or download the latest source code.

2. Download and install Visual Studio Code, and install the Azure Functions extension.

3. Open the cloned repository using Visual Studio Code.

4. Specify the container to be scanned and the optional filters - in function.json

   [Replace the "path" option in line 9 of function.json.]

5. Open the Azure extension in Visual Studio Code (Alt+Shift+A) and log-in.

6. Expand the Function App section under your subscription. Find the Function App in which you want to install the function, and expand the section.

7. Right-click the Application Settings option, and select Add New Setting.

   • PP_ENV: us-east-1 or eu-west-1 - depending on the environment of your organization.

     Note: What is the environment of your organization In FortiMail Workspace Security, go to Settings > Account. The Environment of your organization will appear under General > Info: US, EU, or AUS.

   • PP_TOKEN: Either:

     • Your API key. For details on how to find your API key, see Profile.

     • An organizational token that you can request from Fortinet [Perception Point] Customer Success.

   • AZURE_STORAGE_CONNECTION_STRING: Your Storage Account connection string (See Storage Account connection string below).

8. Right-click your Function App, and select Deploy to Function App.

   After the deployment finishes, the configuration should look like this:

   

   You should now see scan results in the Scans page of FortiMail Workspace Security. For details, see Working with Scans.

Additional configurations

You'll need these configurations when you perform the integration procedure that is described in "The Azure Blob integration procedure".

Function App configuration

Make sure that the Function App uses one of the following Plan type options:

• App service plan

• Functions Premium

You may experience significant delays, or even infinite delays, in event triggers when using the default Serverless option.

Storage Account connection string

The Storage Account connection string can be found under Access Keys in the Storage Account settings page. Click Show keys, and then copy the connection string of one of the available keys.

Flow chart diagram

Hover your cursor over the graphic below to enlarge it

See also: 

• Integrating Channels