Trigger events

You can configure FortiOS to automatically respond to the following trigger events: IOC, event log, reboot, conserve mode, high CPU, license expiry, HA failover, and configuration changes. The following table provides more information about the trigger event list.

| Trigger | Description |
|---|---|
| Compromised Host | An indicator of compromise (IOC) is detected on a host endpoint. If you configure a Compromised Host trigger, you also need to set the IOC level threshold to Medium or High. If you set this to Medium, both medium and high threshold attacks trigger an action. The additional Action options are the following: Access Layer Quarantine, Quarantine FortiClient via EMS, and IP Ban. |
| Security Rating Summary | A summary is available for a recently run Security Rating. |
| Configuration Change | There is a FortiGate configuration change. |
| Reboot | A FortiGate reboot occurs. |
| License Expiry | A FortiGuard license is expiring. You must select which type of license you want to be notified about if it expires: FortiCare Support, FortiGuard Web Filter, FortiGuard AntiSpam, FortiGuard AntiVirus, FortiGuard IPS, FortiGuard Management Service, and FortiCloud. |
| HA Failover | HA failover occurs. |
| AV & IPS DB Update | An antivirus and IPS database update occurs. |
| Event Log | A FortiGate log with a specific event ID occurs. If you configure an Event Log trigger, you also need to enter a Log ID. |
| Conserve Mode (CLI only) | A FortiGate enters conserve mode due to low memory. See CPU and memory thresholds for information on customizing the memory use thresholds. |
| High CPU (CLI only) | A FortiGate has high CPU usage. See CPU and memory thresholds for information on customizing the CPU use threshold. |
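
The two CLI-only triggers and a Compromised Host trigger with a Medium threshold, shown as an added example that is not part of the original documentation. The trigger names are constructed, and the `event-type` and `ioc-level` keywords follow the FortiOS 6.x `config system automation-trigger` syntax as an assumption; check them against the CLI reference for your release.

```fortios
# Added example: trigger names are constructed; keyword spellings are
# assumed from the FortiOS 6.x CLI and may differ in other releases.
config system automation-trigger
    # Compromised Host: a Medium threshold fires on medium and high IOCs
    edit "ioc-medium-and-high"
        set trigger-type event-based
        set event-type ioc
        set ioc-level medium
    next
    # Conserve Mode (CLI only): FortiGate enters conserve mode on low memory
    edit "conserve-mode"
        set trigger-type event-based
        set event-type low-memory
    next
    # High CPU (CLI only): CPU usage crosses the configured threshold
    edit "high-cpu"
        set trigger-type event-based
        set event-type high-cpu
    next
end
```

A trigger does nothing until it is paired with an action, so the conserve mode and high CPU triggers only produce a response once they are attached to one.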