Cynet integration

This section includes:

• Cynet integration
  • About the Cynet integration
  • How it works
  • The Cynet integration procedure
  • Step 1: Configuring the FortiMail Workspace Security-Cynet connection
  • Flow chart diagram

Note: Before implementing this channel integration, contact your Customer Success Manager for FortiMail Workspace Security to make sure that this functionality is included in your current FortiMail Workspace Security license.

About the Cynet integration

FortiMail Workspace Security can be integrated with various products. This page explains the configurations that are required to integrate FortiMail Workspace Security with Cynet. This page describes what must be performed by FortiMail Workspace Security Support and what must be performed by you, a FortiMail Workspace Security admin-user, to perform the integration.

When FortiMail Workspace Security is integrated with Cynet, information is shared between FortiMail Workspace Security and Cynet. This enables both FortiMail Workspace Security and Cynet to improve the security that they provide in your organization.

How it works

Cynet will periodically send to your FortiMail Workspace Security installation a list of all files in your organization that were detected by Cynet to be malicious. The hash of each of the malicious files is also sent to FortiMail Workspace Security. FortiMail Workspace Security will use this information to improve its scanning accuracy within your organization.

• For each malicious file detected by Cynet, an event is added to the FortiMail Workspace Security event log. Each of these events in the log is assigned a high severity, and has the "Malicious File in Endpoint" type. This enables you to monitor the malicious events that are detected by Cynet - and shared with FortiMail Workspace Security. For details, see Events.

  

• If a malicious file detected by Cynet has previously been included in a FortiMail Workspace Security scan [based on the hash value of the file], a request will be automatically generated and sent to the FortiMail Workspace Security IR Team. The request will ask the FortiMail Workspace Security IR Team to investigate the scan, and to thereafter perform any actions required to mitigate the threat.

  In addition, a note will be added to the scan details in FortiMail Workspace Security, indicating that Cynet found the file to be malicious.

  

Note: Malicious files that are detected in Cynet are included in the Events page in FortiMail Workspace Security. For details, see Events.

The Cynet integration procedure

Perform the procedure below to integrate FortiMail Workspace Security with Cynet.

Steps
Step 1 - Configuring the Cynet connection

Step 1: Configuring the FortiMail Workspace Security-Cynet connection

This step activates and configures the Cynet integration in FortiMail Workspace Security.

In FortiMail Workspace Security

1. In FortiMail Workspace Security, in the left navigation menu, select Settings > Bundles and Channels.

2. Under Assigned Bundles, make sure that at least one bundle is assigned that includes the Cynet channel.

   Note: If a bundle that includes the Cynet channel is assigned, then Cynet will appear in the list of channels under Enabled Channels. You can click Bundles Settings, that is located on the right of each Assigned Bundle, to see which channels are included in a bundle.

3. Under Enabled Channels, locate "Cynet" and then click "Activate" located on the right.

   The Cynet Activation dialog box opens.

   

   Note: If the Activate button does not appear, Cynet may not have been successfully enabled by FortiMail Workspace Security Support. Contact FortiMail Workspace Security Support [support@perception-point.io] for assistance.

4. Enter the required information, described below:

   Organization's URL in Cynet	Enter the URL that you use to access Cynet in your organization. From the URL, don't include any suffix that appears on the right of cynet.com Add ".api." between your domain name and "cynet.com" In the example below, the required Organization's URL in Cynet could be either https://acme.api.cynet.com or acme.api.cynet.com
   Client ID	Enter your Client ID in Cynet, for example 123456. For details on how to find your Client ID, contact your Cynet rep or go to your Cynet 360 AutoXDR™ Platform.
   Cynet Username	Specify the username of a user in Cynet with an Operator role - that will be used to access Cynet. It is recommended to create a dedicated user/username for this purpose.
   Password	Specify the password that the username above uses to access Cynet.

5. Click "Connect".

   The Cynet Activation dialog box closes - and the Bundles and Channels page in FortiMail Workspace Security opens.

   Cynet should now be Active.

   

   Your FortiMail Workspace Security-Cynet integration should now be functional...

Flow chart diagram

See also: 

• Integrating Channels