3.1.0 Changes (#277)

- Release notes
- Indicator extraction doc
- Icons and screenshots
- upgrade doc with added sections -
- Moving from Global Variables to Key Store Record
- Editing Extraction Playbooks - An Example
- Retrieving Exclusion List

Author: cs-abhishek-shukla

README.md

@@ -3,7 +3,7 @@
 - **Version**:  3.1.0
 - **Certified**: Yes 
 - **Publisher**: Fortinet 
-- **Compatible Version**: FortiSOAR v7.6.0 and later
+- **Compatible Version**: FortiSOAR v7.6.1 and later
 - [Release Notes](./release_notes.md)
 
 # Overview 
@@ -66,7 +66,6 @@ The following diagram helps better understand the overall process and the subseq
 
     A **War Room** in this scenario brings together all the above teams and helps devise a more intuitive plan of action.
 
-<!-- - **Incident Response** - These playbooks help plan a response to an incident such as a malware attack. -->
 
 ## Additional Resources 
 
@@ -80,6 +79,8 @@ The following diagram helps better understand the overall process and the subseq
 
 - [Extending Default Indicator Extraction Process](./docs/extending-default-indicator-extraction-process.md)
 
+- [Excluding Extracted Indicators from Enrichment](./docs/extending-default-indicator-extraction-process.md#excluding-extracted-indicators-from-enrichment)
+<!-- Pre -->
 - [Extending Default Indicator Enrichment Process](./docs/extending-default-indicator-enrichment-process.md)
 
 - [Building Investigation/Response Playbook](./docs/building-investigation-response-playbook.md)
@@ -88,7 +89,6 @@ The following diagram helps better understand the overall process and the subseq
 
 - [Setting up Communications Tracking for Custom Modules](./docs/setting-up-comms-module.md)
 
-- [Excluding Extracted Indicators from Enrichment](./docs/extending-default-indicator-extraction-process.md#excluding-extracted-indicators-from-enrichment)
 
 ## Next Steps
 

docs/configuring-alert-ingestion-process.md

@@ -3,7 +3,7 @@
 
 # Configuring Alert Ingestion Process
 
-Alert Ingestion is a process that periodically pulls actionable data from sources such as SIEM, EDR, and even email inboxes. For example, to respond to use cases involving suspicous emails, you would configure ingestion of emails from email providers like Exchange or GMail. 
+Alert Ingestion is a process that periodically pulls actionable data from sources such as SIEM, EDR, and even email inboxes. For example, to respond to use cases involving suspicious emails, you would configure ingestion of emails from email providers like Exchange or GMail. 
 
 The **Data Ingestion** page displays all the connectors that are installed and can be configured for alert ingestion using the **Data Ingestion Wizard**.
 
@@ -13,15 +13,21 @@ To view the **Data Ingestion** page, log on to FortiSOAR. On the left navigation
 
 1. To configure a connector for data ingestion, refer to the document [Configuring a connector in FortiSOAR](https://docs.fortinet.com/document/fortisoar/0.0.0/configuring-a-connector/1/configuring-a-connector#Configuring_a_connector_in_FortiSOAR_). Following connectors are installed, by default, with SOAR Framework Solution Pack:
 
-    - **Exchange** - To configure the Exchange connector for data ingestion, refer to the document [Configure Data Ingestion in Exchange](https://docs.fortinet.com/document/fortisoar/3.4.4/exchange/148/exchange-v3-4-4#Configure_Data_Ingestion).  
-    - **Fortinet FortiEDR** - To configure the Fortinet FortiEDR connector for data ingestion, refer to the document [Configure Data Ingestion in Fortinet FortiEDR](https://docs.fortinet.com/document/fortisoar/1.3.0/fortinet-fortiedr/161/fortinet-fortiedr-v1-3-0#Configure_Data_Ingestion).  
-    - **Fortinet FortiSIEM** - To configure the Fortinet FortiSIEM connector for data ingestion, refer to the document [Configure Data Ingestion in Fortinet FortiSIEM](https://docs.fortinet.com/document/fortisoar/4.3.1/fortinet-fortisiem/222/fortinet-fortisiem-v4-3-1#Configure_Data_Ingestion).
-    - **IMAP** - To configure the IMAP connector for data ingestion, refer to the document [Configure Data Ingestion in IMAP](https://docs.fortinet.com/document/fortisoar/0.0.0/fortisoar-built-in-connectors/1/fortisoar-built-in-connectors#IMAP).    
-There are multiple connectors each with separate instructions to configure data ingestion. To search for and know more, refer to [FortiSOAR Connectors](https://docs.fortinet.com/fortisoar/connectors).
-2. The **Data Ingestion Wizard** maps the incoming data (from source) to target field in the [Alert Schema](./extending-default-alert-schema.md). During the mapping process, you might find that you need to add some fields that are not present. To add new fields, refer to [Extending Default Alert Schema](./extending-default-alert-schema.md).
-    > **IMPORTANT**: This is a key step to ensure correct mapping into alert schema, which subsequently becomes a part of the indicator extraction process.
+    - **Exchange** - To configure the Exchange connector for data ingestion, refer to the document [Configure Data Ingestion in Exchange](https://docs.fortinet.com/document/fortisoar/3.4.4/exchange/148/exchange-v3-4-4#Configure_Data_Ingestion).
+
+    - **Fortinet FortiEDR** - To configure the Fortinet FortiEDR connector for data ingestion, refer to the document [Configure Data Ingestion in Fortinet FortiEDR](https://docs.fortinet.com/document/fortisoar/1.3.0/fortinet-fortiedr/161/fortinet-fortiedr-v1-3-0#Configure_Data_Ingestion).
+
+    There are multiple other connectors each with instructions to configure data ingestion. To search for and know more, refer to [FortiSOAR Connectors](https://docs.  fortinet.com/fortisoar/connectors).
+
+2. The **Data Ingestion Wizard** maps the incoming data (from source) to target field in the [Alert Schema](./extending-default-alert-schema.md). During the mapping process, you might need to add some fields that are not present; to add new fields, refer to [Extending Default Alert Schema](./extending-default-alert-schema.md).
+
+>[!Important]
+>This is a key step to ensure correct mapping into alert schema, which subsequently becomes a part of the indicator extraction process.
+
 3. Use the **Scheduling** screen, in the **Data Ingestion Wizard**, to configure schedule-based ingestion.
-    > **NOTE**: Some connectors, like the **Exchange** connector, support **Email Notification Service**. This service sets up a listener that instantly notifies FortiSOAR when a new email arrives in the mailbox.
+
+> [!Note]
+> Some connectors, like the **Exchange** connector, support **Email Notification Service**. This service sets up a listener that instantly notifies FortiSOAR when a new email arrives in the targeted mailbox.
 
 After the configuration is complete, the system is ready to ingest data and as per the defined mapping, create alerts in FortiSOAR.