Fortinet black logo

Administration Guide

Home FortiAnalyzer 7.4.0 Administration Guide
7.4.0
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.13
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.0
4.2.0
4.1.0
4.0.0

Creating or editing ITSM connectors

Creating or editing ITSM connectors

You can create ITSM connectors for ServiceNow, Slack, MS Teams, and Webhook.

To create an ITSM connector:
  1. Go to Fabric View > Fabric Connectors, and click Create New.
  2. Under ITSM, click ServiceNow Connector, Slack Connector, MS Teams Connector, or Generic Connector and click Next.
  3. Configure the following options, and click OK:

    Property

    Description

    Name

    Type a name for the fabric connector.

    Description

    (Optional) Type a description for the fabric connector.

    Protocol

    Select HTTPS.

    For Slack connectors and Generic connectors, you can also select HTTP.

    Port

    Specify the port FortiAnalyzer uses to communicate with the external platform.

    Method

    Select POST.

    For Slack connectors and Generic connectors, you can also select PUT.

    Title

    Type a title for the fabric connector.

    URL

    Type the URL of the external platform. This option is not available for the MS Teams Connector.

    Using ServiceNow as an example, copy and paste the URL from ServiceNow API URL in the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

    Teams Webhook URL

    Type the incoming webhook URL created in MS Teams. This option is only available for the MS Teams Connector.

    Enable HTTP Authentication

    Set HTTP authentication to ON or OFF. This option is not available for the MS Teams Connector.

    If set to ON, select Basic or OAuth2 authentication type.

    Using ServiceNow with Basic authenictation as an example, enter the username and password from the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

    Using Webhook Connector with OAuth2 authentication as an example, enter the URL of the token service as well as the client ID and client secret for authentication.

    HTTP Body

    Type the HTTP body of the message that should be sent in MS Teams by the connector. This option is only available for the MS Teams Connector.

    For example, { \"text\": \"<message to send>\" }. You also use ${} for macros in the message. For a list of supported macros, see Supported macros for the MS Teams Connector.

    Status

    Toggle ON to enable the fabric connector. Toggle OFF to disable the fabric connector.

Tooltip

ServiceNow connectors can be used to post incident change notices. After it is created, the ServiceNow connector can be added in the incident settings or as part of a playbook.

For more information, see:
Tooltip

MS Teams connectors can be used to send messages about incidients and events. After it is created, the MS Teams connector can be added in the incident settings, notification profiles for event handlers, or as part of a playbook.

For more information, see:
To edit an ITSM connector:
  1. Go to Fabric View > Fabric Connectors.
  2. Right-click an ITSM connector, and select Edit.

    The Edit Connectors dialog box is displayed.

  3. Edit the settings, and click OK.
Supported macros for the MS Teams Connector

Category

Variable

Macro

Description

Global

type

${type}

Notification type

Global

adom

${adom}

Adom name

Global

from

${from}

FAZ SN

Global

timestamp

${timestamp}

Notification timestamp

Event

event

${event}

All event fields

Event

eventid

${event.eventid}

Event id

Event

alertid

${event.alertid}

Alert id (same with eventid, but name consistent with previous notification format)

Event

logtype

${event.logtype}

Log type

Event

devtype

${event.devtype}

Device type

Event

eventtime

${event.eventtime}

Event time

Event

alerttime

${event.alerttime}

Alert time (same with eventtime, but name consistent with previous notification format)

Event

firstlogtime

${event.firstlogtime}

First log time

Event

lastlogtime

${event.lastlogtime}

Last log time

Event

devid

${event.devid}

Device id

Event

devname

${event.devname}

Device name

Event

eventtype

${event.eventtype}

Event type

Event

groupby1

${event.groupby1}

groupby1

Event

groupby2

${event.groupby2}

grouby2

Event

groupby3

${event.groupby3}

grouby3

Event

indicator

${event.indicator}

indicator

Event

severity

${event.severity}

severity

Event

subject

${even.subject}

subject

Event

tag

${event.tag}

tag

Event

triggername

${event.triggername}

Trigger name

Event

vdom

${event.vdom}

vdom

Event

epid

${event.epid}

epid

Event

euid

${event.euid}

euid

Event

epip

${event.epip}

epip

Event

epname

${event.epname}

epname

Event

euname

${event.euname}

euname

Event

extrainfo

${event.extrainfo}

Additional info

Event

log-length

${event.log-length}

Log length

Event

log-detail

${event.log-detail}

Log detail

Incident

incident

${incident}

All incident fields

Incident

incid

${incident.incid}

Incident ID

Incident

type

${incident.type}

Notification type

Incident

revision

${incident.revision}

revision

Incident

attach_revision

${incident.attach_revision}

attach revision
Previous
Next

Creating or editing ITSM connectors

You can create ITSM connectors for ServiceNow, Slack, MS Teams, and Webhook.

To create an ITSM connector:
  1. Go to Fabric View > Fabric Connectors, and click Create New.
  2. Under ITSM, click ServiceNow Connector, Slack Connector, MS Teams Connector, or Generic Connector and click Next.
  3. Configure the following options, and click OK:

    Property

    Description

    Name

    Type a name for the fabric connector.

    Description

    (Optional) Type a description for the fabric connector.

    Protocol

    Select HTTPS.

    For Slack connectors and Generic connectors, you can also select HTTP.

    Port

    Specify the port FortiAnalyzer uses to communicate with the external platform.

    Method

    Select POST.

    For Slack connectors and Generic connectors, you can also select PUT.

    Title

    Type a title for the fabric connector.

    URL

    Type the URL of the external platform. This option is not available for the MS Teams Connector.

    Using ServiceNow as an example, copy and paste the URL from ServiceNow API URL in the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

    Teams Webhook URL

    Type the incoming webhook URL created in MS Teams. This option is only available for the MS Teams Connector.

    Enable HTTP Authentication

    Set HTTP authentication to ON or OFF. This option is not available for the MS Teams Connector.

    If set to ON, select Basic or OAuth2 authentication type.

    Using ServiceNow with Basic authenictation as an example, enter the username and password from the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

    Using Webhook Connector with OAuth2 authentication as an example, enter the URL of the token service as well as the client ID and client secret for authentication.

    HTTP Body

    Type the HTTP body of the message that should be sent in MS Teams by the connector. This option is only available for the MS Teams Connector.

    For example, { \"text\": \"<message to send>\" }. You also use ${} for macros in the message. For a list of supported macros, see Supported macros for the MS Teams Connector.

    Status

    Toggle ON to enable the fabric connector. Toggle OFF to disable the fabric connector.

Tooltip

ServiceNow connectors can be used to post incident change notices. After it is created, the ServiceNow connector can be added in the incident settings or as part of a playbook.

For more information, see:
Tooltip

MS Teams connectors can be used to send messages about incidients and events. After it is created, the MS Teams connector can be added in the incident settings, notification profiles for event handlers, or as part of a playbook.

For more information, see:
To edit an ITSM connector:
  1. Go to Fabric View > Fabric Connectors.
  2. Right-click an ITSM connector, and select Edit.

    The Edit Connectors dialog box is displayed.

  3. Edit the settings, and click OK.
Supported macros for the MS Teams Connector

Category

Variable

Macro

Description

Global

type

${type}

Notification type

Global

adom

${adom}

Adom name

Global

from

${from}

FAZ SN

Global

timestamp

${timestamp}

Notification timestamp

Event

event

${event}

All event fields

Event

eventid

${event.eventid}

Event id

Event

alertid

${event.alertid}

Alert id (same with eventid, but name consistent with previous notification format)

Event

logtype

${event.logtype}

Log type

Event

devtype

${event.devtype}

Device type

Event

eventtime

${event.eventtime}

Event time

Event

alerttime

${event.alerttime}

Alert time (same with eventtime, but name consistent with previous notification format)

Event

firstlogtime

${event.firstlogtime}

First log time

Event

lastlogtime

${event.lastlogtime}

Last log time

Event

devid

${event.devid}

Device id

Event

devname

${event.devname}

Device name

Event

eventtype

${event.eventtype}

Event type

Event

groupby1

${event.groupby1}

groupby1

Event

groupby2

${event.groupby2}

grouby2

Event

groupby3

${event.groupby3}

grouby3

Event

indicator

${event.indicator}

indicator

Event

severity

${event.severity}

severity

Event

subject

${even.subject}

subject

Event

tag

${event.tag}

tag

Event

triggername

${event.triggername}

Trigger name

Event

vdom

${event.vdom}

vdom

Event

epid

${event.epid}

epid

Event

euid

${event.euid}

euid

Event

epip

${event.epip}

epip

Event

epname

${event.epname}

epname

Event

euname

${event.euname}

euname

Event

extrainfo

${event.extrainfo}

Additional info

Event

log-length

${event.log-length}

Log length

Event

log-detail

${event.log-detail}

Log detail

Incident

incident

${incident}

All incident fields

Incident

incid

${incident.incid}

Incident ID

Incident

type

${incident.type}

Notification type

Incident

revision

${incident.revision}

revision

Incident

attach_revision

${incident.attach_revision}

attach revision
Previous
Next