Fortinet black logo

CLI Reference

system automation-trigger

system automation-trigger

Use this command to define the trigger type, event type, and indicator of compromise (IOC) threat level for user-defined automation stitches in the Security Fabric.

When certain triggers or events takes place in the Security Fabric, predefined actions can be carried out through the use of stitches. The actions can be executed in the Security Fabric root FortiGate, or relayed to the downstream FortiGates.

Triggers can be based on certain events taking place in the Security Fabric or scheduled to take place on specific days and at specific times. The events themselves that cause a trigger to occur vary from an IOC detection, device reboot, low memory, high CPU usage, and others.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config system automation-trigger

New config command.

Define the trigger type, event type, and indicator of compromise (IOC) threat level for user-defined automation stitches.

config system automation-trigger
    edit {name}
    # Trigger for automation stitches.
        set name {string}   Name. size[35]
        set trigger-type {event-based | scheduled}   Trigger type.
                event-based  Event based trigger.
                scheduled    Scheduled trigger.
        set event-type {option}   Event type.
                ioc                      Indicator of compromise detected.
                event-log                Use log ID as trigger.
                reboot                   Device reboot.
                low-memory               Conserve mode due to low memory.
                high-cpu                 High CPU usage.
                license-near-expiry      License near expiration date.
                ha-failover              HA failover.
                config-change            Configuration change.
                security-rating-summary  Security rating summary.
                virus-ips-db-updated     Virus and IPS database updated.
        set license-type {option}   License type.
                forticare-support      FortiCare support license.
                fortiguard-webfilter   FortiGuard web filter license.
                fortiguard-antispam    FortiGuard antispam license.
                fortiguard-antivirus   FortiGuard AntiVirus license.
                fortiguard-ips         FortiGuard IPS license.
                fortiguard-management  FortiGuard management service license.
                forticloud             FortiCloud license.
        set ioc-level {medium | high}   IOC threat level.
                medium  IOC level medium and high.
                high    IOC level high only.
        set logid {integer}   Log ID to trigger event. range[1-99999]
        set trigger-frequency {hourly | daily | weekly | monthly}   Scheduled trigger frequency (default = daily).
                hourly   Run hourly.
                daily    Run daily.
                weekly   Run weekly.
                monthly  Run monthly.
        set trigger-weekday {option}   Day of week for trigger.
                sunday     Sunday.
                monday     Monday.
                tuesday    Tuesday.
                wednesday  Wednesday.
                thursday   Thursday.
                friday     Friday.
                saturday   Saturday.
        set trigger-day {integer}   Day within a month to trigger. range[1-31]
        set trigger-hour {integer}   Hour of the day on which to trigger (0 - 23, default = 1). range[0-23]
        set trigger-minute {integer}   Minute of the hour on which to trigger (0 - 59, 60 to randomize). range[0-60]
    next
end

system automation-trigger

Use this command to define the trigger type, event type, and indicator of compromise (IOC) threat level for user-defined automation stitches in the Security Fabric.

When certain triggers or events takes place in the Security Fabric, predefined actions can be carried out through the use of stitches. The actions can be executed in the Security Fabric root FortiGate, or relayed to the downstream FortiGates.

Triggers can be based on certain events taking place in the Security Fabric or scheduled to take place on specific days and at specific times. The events themselves that cause a trigger to occur vary from an IOC detection, device reboot, low memory, high CPU usage, and others.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config system automation-trigger

New config command.

Define the trigger type, event type, and indicator of compromise (IOC) threat level for user-defined automation stitches.

config system automation-trigger
    edit {name}
    # Trigger for automation stitches.
        set name {string}   Name. size[35]
        set trigger-type {event-based | scheduled}   Trigger type.
                event-based  Event based trigger.
                scheduled    Scheduled trigger.
        set event-type {option}   Event type.
                ioc                      Indicator of compromise detected.
                event-log                Use log ID as trigger.
                reboot                   Device reboot.
                low-memory               Conserve mode due to low memory.
                high-cpu                 High CPU usage.
                license-near-expiry      License near expiration date.
                ha-failover              HA failover.
                config-change            Configuration change.
                security-rating-summary  Security rating summary.
                virus-ips-db-updated     Virus and IPS database updated.
        set license-type {option}   License type.
                forticare-support      FortiCare support license.
                fortiguard-webfilter   FortiGuard web filter license.
                fortiguard-antispam    FortiGuard antispam license.
                fortiguard-antivirus   FortiGuard AntiVirus license.
                fortiguard-ips         FortiGuard IPS license.
                fortiguard-management  FortiGuard management service license.
                forticloud             FortiCloud license.
        set ioc-level {medium | high}   IOC threat level.
                medium  IOC level medium and high.
                high    IOC level high only.
        set logid {integer}   Log ID to trigger event. range[1-99999]
        set trigger-frequency {hourly | daily | weekly | monthly}   Scheduled trigger frequency (default = daily).
                hourly   Run hourly.
                daily    Run daily.
                weekly   Run weekly.
                monthly  Run monthly.
        set trigger-weekday {option}   Day of week for trigger.
                sunday     Sunday.
                monday     Monday.
                tuesday    Tuesday.
                wednesday  Wednesday.
                thursday   Thursday.
                friday     Friday.
                saturday   Saturday.
        set trigger-day {integer}   Day within a month to trigger. range[1-31]
        set trigger-hour {integer}   Hour of the day on which to trigger (0 - 23, default = 1). range[0-23]
        set trigger-minute {integer}   Minute of the hour on which to trigger (0 - 59, 60 to randomize). range[0-60]
    next
end