Fortinet white logo
Fortinet white logo

Administration Guide

Configuring tasks using variables

Configuring tasks using variables

Variables can be used when configuring playbook tasks. There are two types of playbook variables, including output variables and trigger variables.

For a list of trigger and output variables that can be used when configuring playbook tasks, see FortiAnalyzer Playbook Variables on the Fortinet Docs Library.

Output variables

Output variables allow you to use the output from a proceeding task as an input to the current task. For example, the report generated in one task can be attached to an incident in a second task. For a list of output types, see FortiSoC > Automation > Connector. A task ID is created automatically for each task added to the playbook.

Output variables use the following format:

Format: ${<task_id>.<output>}

Example: ${id_2c7_84b_2c5_f47.vulnerabilities}

Tooltip
Obtaining task IDs

Task IDs are not currently displayed within a task. To view a task ID, the following workaround can be used.

  1. Create a new task in the playbook using the Local Connector action Attach Data to Incident.
  2. In the Attachment dropdown, select a preceding task to view its task ID. You can switch to text mode to copy the value after selection.
Trigger (incident and event) variables

Trigger variables allow you to use information from the trigger (starter) of a playbook when it has been configured with an incident or event trigger.

For example, the Run Report action can include a filter for the endpoint IP address from the event that triggered the playbook.

Trigger variables use the following format:

Format: ${trigger.<variable>}

Example: ${trigger.epip}

Configuring tasks using variables

Configuring tasks using variables

Variables can be used when configuring playbook tasks. There are two types of playbook variables, including output variables and trigger variables.

For a list of trigger and output variables that can be used when configuring playbook tasks, see FortiAnalyzer Playbook Variables on the Fortinet Docs Library.

Output variables

Output variables allow you to use the output from a proceeding task as an input to the current task. For example, the report generated in one task can be attached to an incident in a second task. For a list of output types, see FortiSoC > Automation > Connector. A task ID is created automatically for each task added to the playbook.

Output variables use the following format:

Format: ${<task_id>.<output>}

Example: ${id_2c7_84b_2c5_f47.vulnerabilities}

Tooltip
Obtaining task IDs

Task IDs are not currently displayed within a task. To view a task ID, the following workaround can be used.

  1. Create a new task in the playbook using the Local Connector action Attach Data to Incident.
  2. In the Attachment dropdown, select a preceding task to view its task ID. You can switch to text mode to copy the value after selection.
Trigger (incident and event) variables

Trigger variables allow you to use information from the trigger (starter) of a playbook when it has been configured with an incident or event trigger.

For example, the Run Report action can include a filter for the endpoint IP address from the event that triggered the playbook.

Trigger variables use the following format:

Format: ${trigger.<variable>}

Example: ${trigger.epip}