Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAnalyzer 7.4.2 Administration Guide
    7.4.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    Creating or editing ITSM connectors

    Creating or editing ITSM connectors

    You can create ITSM connectors for ServiceNow, Slack, MS Teams, and Webhook.

    To create an ITSM connector:
    1. Go to Fabric View > Fabric Connectors, and click Create New.
    2. Under ITSM, click ServiceNow Connector, Slack Connector, MS Teams Connector, or Generic Connector and click Next.
    3. Configure the following options, and click OK:

      Property

      Description

      Name

      Type a name for the fabric connector.

      Description

      (Optional) Type a description for the fabric connector.

      Protocol

      Select HTTPS.

      For Slack connectors and Generic connectors, you can also select HTTP.

      Port

      Specify the port FortiAnalyzer uses to communicate with the external platform.

      Method

      Select POST.

      For Slack connectors and Generic connectors, you can also select PUT.

      Title

      Type a title for the fabric connector.

      URL

      Type the URL of the external platform. This option is not available for the MS Teams Connector.

      Using ServiceNow as an example, copy and paste the URL from ServiceNow API URL in the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

      Teams Webhook URL

      Type the incoming webhook URL created in MS Teams. This option is only available for the MS Teams Connector.

      Enable HTTP Authentication

      Set HTTP authentication to ON or OFF. This option is not available for the MS Teams Connector.

      If set to ON, select Basic or OAuth2 authentication type.

      Using ServiceNow with Basic authenictation as an example, enter the username and password from the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

      Using Webhook Connector with OAuth2 authentication as an example, enter the URL of the token service as well as the client ID and client secret for authentication.

      HTTP Body

      Type the HTTP body of the message that should be sent in MS Teams by the connector. This option is only available for the MS Teams Connector.

      For example, { \"text\": \"<message to send>\" }. For example, { \"text\": \"<message to send>\" }. You also use ${} for macros in the message. For a list of supported macros, see Supported macros for the MS Teams Connector.

      Status

      Toggle ON to enable the fabric connector. Toggle OFF to disable the fabric connector.

    Tooltip

    ServiceNow connectors can be used to post incident change notices. After it is created, the ServiceNow connector can be added in the incident settings or as part of a playbook.

    For more information, see:
    Tooltip

    MS Teams connectors can be used to send messages about incidents and events. After it is created, the MS Teams connector can be added in the incident settings, notification profiles for event handlers, or as part of a playbook.

    For more information, see:
    To edit an ITSM connector:
    1. Go to Fabric View > Fabric Connectors.
    2. Right-click an ITSM connector, and select Edit.

      The Edit Connectors dialog box is displayed.

    3. Edit the settings, and click OK.
    Supported macros for the MS Teams Connector

    Category

    Variable

    Macro

    Description

    Global

    type

    ${type}

    Notification type

    Global

    adom

    ${adom}

    Adom name

    Global

    from

    ${from}

    FAZ SN

    Global

    timestamp

    ${timestamp}

    Notification timestamp

    Event

    event

    ${event}

    All event fields

    Event

    eventid

    ${event.eventid}

    Event id

    Event

    alertid

    ${event.alertid}

    Alert id (same with eventid, but name consistent with previous notification format)

    Event

    logtype

    ${event.logtype}

    Log type

    Event

    devtype

    ${event.devtype}

    Device type

    Event

    eventtime

    ${event.eventtime}

    Event time

    Event

    alerttime

    ${event.alerttime}

    Alert time (same with eventtime, but name consistent with previous notification format)

    Event

    firstlogtime

    ${event.firstlogtime}

    First log time

    Event

    lastlogtime

    ${event.lastlogtime}

    Last log time

    Event

    devid

    ${event.devid}

    Device id

    Event

    devname

    ${event.devname}

    Device name

    Event

    eventtype

    ${event.eventtype}

    Event type

    Event

    groupby1

    ${event.groupby1}

    groupby1

    Event

    groupby2

    ${event.groupby2}

    grouby2

    Event

    groupby3

    ${event.groupby3}

    grouby3

    Event

    indicator

    ${event.indicator}

    indicator

    Event

    severity

    ${event.severity}

    severity

    Event

    subject

    ${even.subject}

    subject

    Event

    tag

    ${event.tag}

    tag

    Event

    triggername

    ${event.triggername}

    Trigger name

    Event

    vdom

    ${event.vdom}

    vdom

    Event

    epid

    ${event.epid}

    epid

    Event

    euid

    ${event.euid}

    euid

    Event

    epip

    ${event.epip}

    epip

    Event

    epname

    ${event.epname}

    epname

    Event

    euname

    ${event.euname}

    euname

    Event

    extrainfo

    ${event.extrainfo}

    Additional info

    Event

    log-length

    ${event.log-length}

    Log length

    Event

    log-detail

    ${event.log-detail}

    Log detail

    Incident

    incident

    ${incident}

    All incident fields

    Incident

    incid

    ${incident.incid}

    Incident ID

    Incident

    type

    ${incident.type}

    Notification type

    Incident

    revision

    ${incident.revision}

    revision

    Incident

    attach_revision

    ${incident.attach_revision}

    attach revision
    Previous
    Next

    Creating or editing ITSM connectors

    Creating or editing ITSM connectors

    You can create ITSM connectors for ServiceNow, Slack, MS Teams, and Webhook.

    To create an ITSM connector:
    1. Go to Fabric View > Fabric Connectors, and click Create New.
    2. Under ITSM, click ServiceNow Connector, Slack Connector, MS Teams Connector, or Generic Connector and click Next.
    3. Configure the following options, and click OK:

      Property

      Description

      Name

      Type a name for the fabric connector.

      Description

      (Optional) Type a description for the fabric connector.

      Protocol

      Select HTTPS.

      For Slack connectors and Generic connectors, you can also select HTTP.

      Port

      Specify the port FortiAnalyzer uses to communicate with the external platform.

      Method

      Select POST.

      For Slack connectors and Generic connectors, you can also select PUT.

      Title

      Type a title for the fabric connector.

      URL

      Type the URL of the external platform. This option is not available for the MS Teams Connector.

      Using ServiceNow as an example, copy and paste the URL from ServiceNow API URL in the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

      Teams Webhook URL

      Type the incoming webhook URL created in MS Teams. This option is only available for the MS Teams Connector.

      Enable HTTP Authentication

      Set HTTP authentication to ON or OFF. This option is not available for the MS Teams Connector.

      If set to ON, select Basic or OAuth2 authentication type.

      Using ServiceNow with Basic authenictation as an example, enter the username and password from the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties.

      Using Webhook Connector with OAuth2 authentication as an example, enter the URL of the token service as well as the client ID and client secret for authentication.

      HTTP Body

      Type the HTTP body of the message that should be sent in MS Teams by the connector. This option is only available for the MS Teams Connector.

      For example, { \"text\": \"<message to send>\" }. For example, { \"text\": \"<message to send>\" }. You also use ${} for macros in the message. For a list of supported macros, see Supported macros for the MS Teams Connector.

      Status

      Toggle ON to enable the fabric connector. Toggle OFF to disable the fabric connector.

    Tooltip

    ServiceNow connectors can be used to post incident change notices. After it is created, the ServiceNow connector can be added in the incident settings or as part of a playbook.

    For more information, see:
    Tooltip

    MS Teams connectors can be used to send messages about incidents and events. After it is created, the MS Teams connector can be added in the incident settings, notification profiles for event handlers, or as part of a playbook.

    For more information, see:
    To edit an ITSM connector:
    1. Go to Fabric View > Fabric Connectors.
    2. Right-click an ITSM connector, and select Edit.

      The Edit Connectors dialog box is displayed.

    3. Edit the settings, and click OK.
    Supported macros for the MS Teams Connector

    Category

    Variable

    Macro

    Description

    Global

    type

    ${type}

    Notification type

    Global

    adom

    ${adom}

    Adom name

    Global

    from

    ${from}

    FAZ SN

    Global

    timestamp

    ${timestamp}

    Notification timestamp

    Event

    event

    ${event}

    All event fields

    Event

    eventid

    ${event.eventid}

    Event id

    Event

    alertid

    ${event.alertid}

    Alert id (same with eventid, but name consistent with previous notification format)

    Event

    logtype

    ${event.logtype}

    Log type

    Event

    devtype

    ${event.devtype}

    Device type

    Event

    eventtime

    ${event.eventtime}

    Event time

    Event

    alerttime

    ${event.alerttime}

    Alert time (same with eventtime, but name consistent with previous notification format)

    Event

    firstlogtime

    ${event.firstlogtime}

    First log time

    Event

    lastlogtime

    ${event.lastlogtime}

    Last log time

    Event

    devid

    ${event.devid}

    Device id

    Event

    devname

    ${event.devname}

    Device name

    Event

    eventtype

    ${event.eventtype}

    Event type

    Event

    groupby1

    ${event.groupby1}

    groupby1

    Event

    groupby2

    ${event.groupby2}

    grouby2

    Event

    groupby3

    ${event.groupby3}

    grouby3

    Event

    indicator

    ${event.indicator}

    indicator

    Event

    severity

    ${event.severity}

    severity

    Event

    subject

    ${even.subject}

    subject

    Event

    tag

    ${event.tag}

    tag

    Event

    triggername

    ${event.triggername}

    Trigger name

    Event

    vdom

    ${event.vdom}

    vdom

    Event

    epid

    ${event.epid}

    epid

    Event

    euid

    ${event.euid}

    euid

    Event

    epip

    ${event.epip}

    epip

    Event

    epname

    ${event.epname}

    epname

    Event

    euname

    ${event.euname}

    euname

    Event

    extrainfo

    ${event.extrainfo}

    Additional info

    Event

    log-length

    ${event.log-length}

    Log length

    Event

    log-detail

    ${event.log-detail}

    Log detail

    Incident

    incident

    ${incident}

    All incident fields

    Incident

    incid

    ${incident.incid}

    Incident ID

    Incident

    type

    ${incident.type}

    Notification type

    Incident

    revision

    ${incident.revision}

    revision

    Incident

    attach_revision

    ${incident.attach_revision}

    attach revision
    Previous
    Next