system automation-trigger
Use this command to define the trigger type, event type, and indicator of compromise (IOC) threat level for user-defined automation stitches in the Security Fabric.
When certain triggers or events take place in the Security Fabric, predefined actions can be carried out through the use of stitches. The actions can be executed on the Security Fabric root FortiGate, or relayed to the downstream FortiGates.
Triggers can be based on events taking place in the Security Fabric, or scheduled for specific days and times. The events that can cause a trigger include an IOC detection, device reboot, low memory, high CPU usage, and others.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config system automation-trigger | New. Define the trigger type, event type, and indicator of compromise (IOC) threat level for user-defined automation stitches. |
```
config system automation-trigger
    edit {name}
    # Trigger for automation stitches.
        set name {string}   Name. size[35]
        set trigger-type {event-based | scheduled}   Trigger type.
                event-based   Event based trigger.
                scheduled     Scheduled trigger.
        set event-type {option}   Event type.
                ioc                       Indicator of compromise detected.
                event-log                 Use log ID as trigger.
                reboot                    Device reboot.
                low-memory                Conserve mode due to low memory.
                high-cpu                  High CPU usage.
                license-near-expiry       License near expiration date.
                ha-failover               HA failover.
                config-change             Configuration change.
                security-rating-summary   Security rating summary.
                virus-ips-db-updated      Virus and IPS database updated.
        set license-type {option}   License type.
                forticare-support       FortiCare support license.
                fortiguard-webfilter    FortiGuard web filter license.
                fortiguard-antispam     FortiGuard antispam license.
                fortiguard-antivirus    FortiGuard AntiVirus license.
                fortiguard-ips          FortiGuard IPS license.
                fortiguard-management   FortiGuard management service license.
                forticloud              FortiCloud license.
        set ioc-level {medium | high}   IOC threat level.
                medium   IOC level medium and high.
                high     IOC level high only.
        set logid {integer}   Log ID to trigger event. range[1-99999]
        set trigger-frequency {hourly | daily | weekly | monthly}   Scheduled trigger frequency (default = daily).
                hourly    Run hourly.
                daily     Run daily.
                weekly    Run weekly.
                monthly   Run monthly.
        set trigger-weekday {option}   Day of week for trigger.
                sunday      Sunday.
                monday      Monday.
                tuesday     Tuesday.
                wednesday   Wednesday.
                thursday    Thursday.
                friday      Friday.
                saturday    Saturday.
        set trigger-day {integer}   Day within a month to trigger. range[1-31]
        set trigger-hour {integer}   Hour of the day on which to trigger (0 - 23, default = 1). range[0-23]
        set trigger-minute {integer}   Minute of the hour on which to trigger (0 - 59, 60 to randomize). range[0-60]
    next
end
```
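The following configuration is an added example, not taken from the Fortinet reference. It shows how the options above combine into three event-based triggers and one scheduled trigger. The trigger names and the log ID value are constructed for illustration, the pairing of each dependent option with its trigger or event type is an assumption drawn from the option descriptions, and the `#` lines are annotations only.

```fortios
config system automation-trigger
    # Event-based: fire only when a high-level IOC is detected
    edit "ioc-high-only"
        set trigger-type event-based
        set event-type ioc
        set ioc-level high
    next
    # Event-based: fire on one specific log ID
    # (32002 is a constructed sample value within range 1-99999)
    edit "log-id-match"
        set trigger-type event-based
        set event-type event-log
        set logid 32002
    next
    # Event-based: fire when the FortiGuard IPS license nears expiry
    edit "ips-license-expiry"
        set trigger-type event-based
        set event-type license-near-expiry
        set license-type fortiguard-ips
    next
    # Scheduled: run every Sunday at 02:30
    edit "weekly-sunday-0230"
        set trigger-type scheduled
        set trigger-frequency weekly
        set trigger-weekday sunday
        set trigger-hour 2
        set trigger-minute 30
    next
end
```

With `set ioc-level high`, medium-level IOC detections do not fire the trigger; use `medium` to cover both medium and high.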