Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiAnalyzer Playbook Variables

    Home FortiAnalyzer 7.2.1 FortiAnalyzer Playbook Variables
    7.2.1
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.1

    Output variables

    Output variables

    Output variables allow you to use the output from a preceding task as an input to the current task. For example, the report generated in one task can be attached to an incident in a second task.

    The following format is used:

    Connector Type

    Action

    Variable

    Description

    FortiAnalyzer

    Create Incident

    revision

    Create revision

    FortiAnalyzer

    Get EPEU from Incident

    epeu

    EPEU is a JSON data structure with all related endpoint and enduser info in it: epid, epname, epip, epmac, fluid, etc.

    FortiAnalyzer

    Run Report

    report_uuid

    Run report

    FortiAnalyzer

    Attach Data to Incident

    attach_ids

    Attach data to incident

    FortiAnalyzer

    Update Incident

    attach_revision

    Attach revision

    FortiAnalyzer

    Update Incident

    revision

    Revision

    FortiAnalyzer

    Update Incident

    incident_id

    Update incident

    FortiAnalyzer

    Create Incident

    attach_revision

    Attach revision

    FortiAnalyzer

    Create Incident

    incident_id

    Create incident

    FortiAnalyzer

    Get Events

    events

    Get events matching filter conditions

    FortiCASB

    Get Cloud Data

    No output variable

    Obtain app info from FortiCASB

    FortiClient EMS

    Get Endpoints

    ems_endpoints

    List of endpoints returned from EMS server

    FortiClient EMS

    Tag Endpoints

    No output variable

    Tag endpoints

    FortiClient EMS

    Get Vulnerabilities

    vulnerabilities

    Retrieve list of vulnerabilities on an endpoint

    FortiClient EMS

    Get Process List

    processes

    Retrieve list of running processes on an endpoint

    FortiClient EMS

    Get Software Inventory

    software

    Retrieve software list installed on an endpoint

    FortiClient EMS

    AV Full Scan

    status

    Request AV Full Scan on an endpoint

    FortiClient EMS

    AV Quick Scan

    status

    Request AV Quick Scan on an endpoint

    FortiClient EMS

    Vulnerability Scan

    status

    Request vulnerability scan on an endpoint

    FortiClient EMS

    Unquarantine

    status

    Request to unquarantine an endpoint

    FortiClient EMS

    Quarantine

    status

    Request to quarantine an endpoint

    FortiClient EMS

    Untag Endpoints

    No output variable

    Untag endpoints

    FortiGuard

    Lookup Indicator

    indicators

    Threat intelligence indicators

    FortiMail

    Get Email Statistics

    statistics

    Get email statistics for a given email address

    FortiMail

    Get Sender Reputation

    reputation

    Get sender reputation statistics for a given email address

    FortiMail

    Add Sender to Blocklist

    No output variable

    Add sender to blocklist (system and domain level)

    FortiOS

    Webhook

    No output variable

    Webhook call towards FortiOS

    ServiceNow

    Post Incident Change Notice

    No output variable

    Post incident change notice to ServiceNow
    Note

    We can get a different variable output even if the action is the same by referring to different macros. For example:

    ${create_incident_task_id.revision}

    ${create_incident_task_id.attach_revision}
    Previous
    Next

    Output variables

    Output variables

    Output variables allow you to use the output from a preceding task as an input to the current task. For example, the report generated in one task can be attached to an incident in a second task.

    The following format is used:

    Connector Type

    Action

    Variable

    Description

    FortiAnalyzer

    Create Incident

    revision

    Create revision

    FortiAnalyzer

    Get EPEU from Incident

    epeu

    EPEU is a JSON data structure with all related endpoint and enduser info in it: epid, epname, epip, epmac, fluid, etc.

    FortiAnalyzer

    Run Report

    report_uuid

    Run report

    FortiAnalyzer

    Attach Data to Incident

    attach_ids

    Attach data to incident

    FortiAnalyzer

    Update Incident

    attach_revision

    Attach revision

    FortiAnalyzer

    Update Incident

    revision

    Revision

    FortiAnalyzer

    Update Incident

    incident_id

    Update incident

    FortiAnalyzer

    Create Incident

    attach_revision

    Attach revision

    FortiAnalyzer

    Create Incident

    incident_id

    Create incident

    FortiAnalyzer

    Get Events

    events

    Get events matching filter conditions

    FortiCASB

    Get Cloud Data

    No output variable

    Obtain app info from FortiCASB

    FortiClient EMS

    Get Endpoints

    ems_endpoints

    List of endpoints returned from EMS server

    FortiClient EMS

    Tag Endpoints

    No output variable

    Tag endpoints

    FortiClient EMS

    Get Vulnerabilities

    vulnerabilities

    Retrieve list of vulnerabilities on an endpoint

    FortiClient EMS

    Get Process List

    processes

    Retrieve list of running processes on an endpoint

    FortiClient EMS

    Get Software Inventory

    software

    Retrieve software list installed on an endpoint

    FortiClient EMS

    AV Full Scan

    status

    Request AV Full Scan on an endpoint

    FortiClient EMS

    AV Quick Scan

    status

    Request AV Quick Scan on an endpoint

    FortiClient EMS

    Vulnerability Scan

    status

    Request vulnerability scan on an endpoint

    FortiClient EMS

    Unquarantine

    status

    Request to unquarantine an endpoint

    FortiClient EMS

    Quarantine

    status

    Request to quarantine an endpoint

    FortiClient EMS

    Untag Endpoints

    No output variable

    Untag endpoints

    FortiGuard

    Lookup Indicator

    indicators

    Threat intelligence indicators

    FortiMail

    Get Email Statistics

    statistics

    Get email statistics for a given email address

    FortiMail

    Get Sender Reputation

    reputation

    Get sender reputation statistics for a given email address

    FortiMail

    Add Sender to Blocklist

    No output variable

    Add sender to blocklist (system and domain level)

    FortiOS

    Webhook

    No output variable

    Webhook call towards FortiOS

    ServiceNow

    Post Incident Change Notice

    No output variable

    Post incident change notice to ServiceNow
    Note

    We can get a different variable output even if the action is the same by referring to different macros. For example:

    ${create_incident_task_id.revision}

    ${create_incident_task_id.attach_revision}
    Previous
    Next