Creating automation stitches
To create an automation, you set up a trigger event and response actions that cause FortiOS to respond in a predetermined way. From the root FortiGate, you can set up triggers for event types, such as compromised host, high CPU, and configuration changes. The automation launches actions in response, such as email alerts, FortiExplorer notifications, and webhooks. The Compromised Host trigger has additional actions, such as access layer quarantine and quarantine FortiClient via EMS.
To create and test an automation - GUI:
- Log in to the root FortiGate, and go to Security Fabric > Automation. Select Create New.
- Customize the stitch by selecting a Trigger event type and the corresponding Action that you would like to automate. You can configure multiple actions for the same event trigger.
Enter the following information:
Name | Enter a name for the new automation. |
Status | Select Enabled to enable this automation. |
FortiGate | From the drop-down menu, select the FortiGate device to apply this automation to or select All FortiGates (default) to apply to all. |
Trigger | Select a Trigger from the following event types: |
Action | If the Trigger event you select occurs, an alert is sent using the methods that you select here. Select at least one of the following Action types: NOTE: When you set the trigger to Compromised Host, the following Actions are available: |
Minimum interval (seconds) | Enter a minimum time interval, in seconds, during which you won't receive repeated notifications for the same trigger occurrence. When the minimum time interval expires, you'll receive an alert with a compilation report of any events that occurred during the allotted interval period. |
- Select OK.
- To test the new automation, right-click it and select Test Automation Stitch.
To create and test an automation - CLI:
config system automation-stitch
    edit <automation-stitch-name>
        set status {enable | disable}
        set trigger <trigger-name>
        set action <action-name>
        set destination <serial-number>
    next
end
diagnose automation test <automation-stitch-name> <log>
You can configure an automation using the config system automation-stitch command shown above. For more information about configuring the Trigger <trigger-name> and Action <action-name> components, see: Configuring automations, triggers, and actions in the CLI.
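The CLI procedure above, filled in end to end for a Compromised Host trigger with an email alert. This is an added example, not configuration from the original page: the object names and the email address are constructed, and the option names under automation-trigger and automation-action are assumptions based on the FortiOS 6.0 CLI, so check them against the reference cited above for your release.

```text
# Trigger: fire on a compromised-host (IOC) verdict of high severity.
# "example-ioc-trigger" is a hypothetical name.
config system automation-trigger
    edit "example-ioc-trigger"
        set trigger-type event-based
        set event-type ioc
        set ioc-level high
    next
end

# Action: email the SOC mailbox (constructed address).
# minimum-interval suppresses repeat alerts for the same trigger
# occurrence for 300 seconds, matching the GUI "Minimum interval" field.
config system automation-action
    edit "example-email-action"
        set action-type email
        set email-to "soc@example.com"
        set email-subject "Compromised host detected"
        set minimum-interval 300
    next
end

# Stitch: bind the trigger to the action on the root FortiGate.
# "set destination" is omitted here on the assumption that an empty
# destination corresponds to the GUI default, All FortiGates.
config system automation-stitch
    edit "example-ioc-stitch"
        set status enable
        set trigger "example-ioc-trigger"
        set action "example-email-action"
    next
end

# Test the stitch; <log> is left as the placeholder the page gives.
diagnose automation test example-ioc-stitch <log>
```

Keep a non-zero minimum interval on notification actions so that a noisy host cannot flood the alert mailbox and bury other events.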