Fortinet Document Library

Actions

You can configure the actions that FortiADC takes in response to the triggers.

Action

Description

CLI Script

Use this action to run a CLI script. See CLI script action for details.

This action can use variables to make the appropriate configuration changes, or it can be chained with the Email action to automatically email debug output.

Email

Use this action to send a custom email notification.

You must enter an email address and subject line.

See Execute multiple automation actions based on security events for an example.

Syslog

Use this action to generate syslog.

You must enter the IP address and the port of the syslog server that will receive syslog messages.

See Execute multiple automation actions based on security events for an example.

SNMP Trap

Use this action to send SNMP traps to the specified server.

You must enter the IP address and port of the SNMP server(s) that will receive the traps, the SNMP version to use for the trap server, and the source and destination port numbers for trap packets sent to the SNMP server(s).

See Execute multiple automation actions based on security events for an example.

Webhook

Use this action to send data to another application using a REST callback. See Webhook action for details.

To configure a webhook, set Protocol to HTTP or HTTPS. Set Method to POST, PUT, GET, PATCH, or DELETE. Set the URI and Port.

For HTTP Body enter the text you want (up to 1023 characters). For example, {"trigger":"reboot"}.

For the HTTP header, enter the name and value you want. For example, "x-notification-source" and "Fortinet".
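As an added example (not part of the Fortinet documentation), here is a minimal Python receiver for the webhook configured above: it checks the x-notification-source header, enforces the 1023-character body limit and accepts only known trigger values from a JSON body such as {"trigger":"reboot"}. The expected header value, the allowed trigger names and the listen address are assumptions.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Header name and body shape follow the page's webhook example; the expected
# value and the trigger allow-list are assumptions for this example.
EXPECTED_HEADER = "x-notification-source"
EXPECTED_SOURCE = "Fortinet"
MAX_BODY_CHARS = 1023                  # FortiADC caps the HTTP Body at 1023 characters
ALLOWED_TRIGGERS = {"reboot", "cpu_high", "security_event"}  # assumed trigger names


def validate_notification(headers: dict[str, str], body: bytes) -> tuple[int, str]:
    """Return (HTTP status, reason) for one incoming FortiADC webhook call."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    # A static header only identifies the sender; it is not authentication, so
    # run this over HTTPS and restrict which source addresses may reach it.
    if lowered.get(EXPECTED_HEADER) != EXPECTED_SOURCE:
        return 403, "missing or unexpected x-notification-source header"
    if len(body) > MAX_BODY_CHARS:     # bytes approximate the character limit
        return 413, "body exceeds the 1023-character FortiADC limit"
    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 400, "body is not valid JSON"
    if not isinstance(payload, dict) or "trigger" not in payload:
        return 400, "JSON object with a 'trigger' key expected"
    trigger = payload["trigger"]
    if trigger not in ALLOWED_TRIGGERS:
        return 422, f"unknown trigger {trigger!r}"
    return 200, f"accepted trigger {trigger}"


class NotificationHandler(BaseHTTPRequestHandler):
    """Handles the POST method selected in the FortiADC webhook action."""

    def do_POST(self) -> None:
        length = int(self.headers.get("Content-Length", "0"))
        # Read at most one byte past the limit so oversized bodies are rejected
        # without buffering an arbitrarily large request.
        body = self.rfile.read(min(length, MAX_BODY_CHARS + 1))
        status, reason = validate_notification(dict(self.headers.items()), body)
        self.send_response(status)
        self.end_headers()
        self.wfile.write(reason.encode("utf-8"))


if __name__ == "__main__":
    # Assumed listen address; point the webhook action's URI and Port here.
    HTTPServer(("127.0.0.1", 8080), NotificationHandler).serve_forever()
```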

FortiGate IP Ban

Use this action to block all traffic from the source addresses flagged by the FortiGate. See FortiGate IP Ban action for details.

You must enter the delay, FortiGate URL, and FortiGate Token.

To get the token, log in to FortiGate, go to System > Administrator, create a new REST API Administrator, then generate an API key.

Avoiding repeat event notifications

The Minimum interval establishes the amount of time, in seconds, before you receive a repeat alert notification about the same event. This helps avoid receiving multiple alerts every few minutes for the same offense. When the interval has elapsed, a collated report detailing the activities during that time frame will be sent.

For example, if you configure an alert for high CPU usage and set the Minimum interval to 86400s (1 day), you receive one alert when CPU usage first goes above 90% and no further notification for the same event until the next day. When the 86400s (1 day) elapses, you receive a notification with a summary that lets you know how many times CPU usage exceeded 90% in the past day.
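The suppression and collation behaviour described above, modelled in Python as an added example (not FortiADC code): the first occurrence of an event is alerted, repeats inside the Minimum interval are counted but not sent, and a summary with the count is emitted once the interval has elapsed. Event names and the timeline are constructed.

```python
from dataclasses import dataclass


@dataclass
class AlertWindow:
    first_sent: float   # time the initial alert for this event was sent
    repeats: int = 0    # further occurrences seen inside the window


class RepeatNotificationFilter:
    """Models the Minimum interval: one alert per event per window, repeats
    inside the window are suppressed, and a collated summary is emitted once
    the window elapses. Times are in seconds; event keys are constructed."""

    def __init__(self, minimum_interval: float) -> None:
        self.minimum_interval = minimum_interval
        self._windows: dict[str, AlertWindow] = {}

    def flush(self, now: float) -> list[str]:
        """Emit summaries for every window that has elapsed by `now`."""
        out = []
        for event, win in list(self._windows.items()):
            if now - win.first_sent >= self.minimum_interval:
                out.append(f"SUMMARY {event}: occurred {win.repeats + 1} time(s) "
                           f"in the last {self.minimum_interval:g}s")
                del self._windows[event]   # next occurrence opens a new window
        return out

    def handle(self, event: str, now: float) -> list[str]:
        """Process one occurrence of `event` at `now`; return messages to send."""
        out = self.flush(now)
        win = self._windows.get(event)
        if win is None:
            self._windows[event] = AlertWindow(first_sent=now)
            out.append(f"ALERT {event}")
        else:
            win.repeats += 1          # suppressed, but counted for the summary
        return out


if __name__ == "__main__":
    # Constructed timeline: CPU alert, two repeats, then the day elapses.
    f = RepeatNotificationFilter(86400)
    for t in (0, 300, 600):
        print(t, f.handle("cpu_high", t))
    print(86400, f.flush(86400))
    print(86500, f.handle("cpu_high", 86500))
```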
