This feature adds a FortiAnalyzer event handler as an automation stitch trigger. You can trigger automation rules based on FortiAnalyzer event handlers, giving you the ability to define rules based on complex correlation across devices, log types, frequency, and other criteria.
When a FortiAnalyzer event handler is triggered, it sends a notification to the FortiGate automation framework, which generates a log and triggers the automation stitch.
In FortiAnalyzer Event Manager > FortiGate Event Handlers, configure the FortiAnalyzer event handler that will be triggered when FortiGate logs in.
In FortiGate Security Fabric > Settings, configure FortiAnalyzer and get authorized.
config log fortianalyzer setting set status enable set server "10.6.30.250" set serial "FL-4HET318900407" set upload-option realtime set reliable enable end
To configure Security Fabric Automation Stitch with trigger of FortiAnalyzer Event Handler in the GUI:
To configure Security Fabric Automation Stitch with trigger of FortiAnalyzer Event Handler in the CLI:
config system automation-action edit "auto-faz-1_email" set action-type email set email-to "email@example.com" set email-subject "CSF stitch alert" set email-body "User login FortiGate successfully." next end config system automation-trigger edit "auto-faz-1" set event-type faz-event set faz-event-name "system-log-handler2" set faz-event-severity "medium" set faz-event-tags "User login successfully" next end config system automation-stitch edit "auto-faz-1" set trigger "auto-faz-1" set action "auto-faz-1_email" next end
- Log in to the FortiGate to trigger the FortiAnalyzer event.
The FortiAnalyzer sends notification to the FortiGate automation framework and generates an event log in FortiGate and triggers the automation stitch.
date=2019-02-05 time=14:16:17 logid="0100046600" type="event" subtype="system" level="notice" vd="root" eventtime=1549404977 logdesc="Automation stitch triggered" stitch="auto-faz-1" trigger="auto-faz-1" from="log" msg="stitch:auto-faz-1 is triggered."