Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    6.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Trigger - FortiAnalyzer Event Handler

    Trigger - FortiAnalyzer Event Handler

    This feature adds a FortiAnalyzer event handler as an automation stitch trigger. You can trigger automation rules based on FortiAnalyzer event handlers, giving you the ability to define rules based on complex correlation across devices, log types, frequency, and other criteria.

    When a FortiAnalyzer event handler is triggered, it sends a notification to the FortiGate automation framework, which generates a log and triggers the automation stitch.

    In FortiAnalyzer Event Manager > FortiGate Event Handlers, configure the FortiAnalyzer event handler that will be triggered when FortiGate logs in.

    In FortiGate Security Fabric > Settings, configure FortiAnalyzer and get authorized.

    To configure Security Fabric Settings using the CLI:
    config log fortianalyzer setting
    set status enable
    set server "10.6.30.250"
    set serial "FL-4HET318900407"
    set upload-option realtime
    set reliable enable
end
    To configure Security Fabric Automation Stitch with trigger of FortiAnalyzer Event Handler in the GUI:

    To configure Security Fabric Automation Stitch with trigger of FortiAnalyzer Event Handler in the CLI:
    config system automation-action
    edit "auto-faz-1_email"
        set action-type email
        set email-to "jamesli@fortinet.com"
        set email-subject "CSF stitch alert"
        set email-body "User login FortiGate successfully."
    next
end

config system automation-trigger
    edit "auto-faz-1"
        set event-type faz-event
        set faz-event-name "system-log-handler2"
        set faz-event-severity "medium"
        set faz-event-tags "User login successfully"
    next
end

config system automation-stitch
    edit "auto-faz-1"
        set trigger "auto-faz-1"
        set action "auto-faz-1_email"
    next
end
    To see the trigger event log in the GUI:
    1. Log in to the FortiGate to trigger the FortiAnalyzer event.

      The FortiAnalyzer sends notification to the FortiGate automation framework and generates an event log in FortiGate and triggers the automation stitch.

    Sample of the trigger event log in the CLI
    date=2019-02-05 time=14:16:17 logid="0100046600" type="event" subtype="system" level="notice" vd="root" eventtime=1549404977 logdesc="Automation stitch triggered" stitch="auto-faz-1" trigger="auto-faz-1" from="log" msg="stitch:auto-faz-1 is triggered."
    Sample of email sent when automation stitch is triggered

    Previous
    Next

    Trigger - FortiAnalyzer Event Handler

    Trigger - FortiAnalyzer Event Handler

    This feature adds a FortiAnalyzer event handler as an automation stitch trigger. You can trigger automation rules based on FortiAnalyzer event handlers, giving you the ability to define rules based on complex correlation across devices, log types, frequency, and other criteria.

    When a FortiAnalyzer event handler is triggered, it sends a notification to the FortiGate automation framework, which generates a log and triggers the automation stitch.

    In FortiAnalyzer Event Manager > FortiGate Event Handlers, configure the FortiAnalyzer event handler that will be triggered when FortiGate logs in.

    In FortiGate Security Fabric > Settings, configure FortiAnalyzer and get authorized.

    To configure Security Fabric Settings using the CLI:
    config log fortianalyzer setting
    set status enable
    set server "10.6.30.250"
    set serial "FL-4HET318900407"
    set upload-option realtime
    set reliable enable
end
    To configure Security Fabric Automation Stitch with trigger of FortiAnalyzer Event Handler in the GUI:

    To configure Security Fabric Automation Stitch with trigger of FortiAnalyzer Event Handler in the CLI:
    config system automation-action
    edit "auto-faz-1_email"
        set action-type email
        set email-to "jamesli@fortinet.com"
        set email-subject "CSF stitch alert"
        set email-body "User login FortiGate successfully."
    next
end

config system automation-trigger
    edit "auto-faz-1"
        set event-type faz-event
        set faz-event-name "system-log-handler2"
        set faz-event-severity "medium"
        set faz-event-tags "User login successfully"
    next
end

config system automation-stitch
    edit "auto-faz-1"
        set trigger "auto-faz-1"
        set action "auto-faz-1_email"
    next
end
    To see the trigger event log in the GUI:
    1. Log in to the FortiGate to trigger the FortiAnalyzer event.

      The FortiAnalyzer sends notification to the FortiGate automation framework and generates an event log in FortiGate and triggers the automation stitch.

    Sample of the trigger event log in the CLI
    date=2019-02-05 time=14:16:17 logid="0100046600" type="event" subtype="system" level="notice" vd="root" eventtime=1549404977 logdesc="Automation stitch triggered" stitch="auto-faz-1" trigger="auto-faz-1" from="log" msg="stitch:auto-faz-1 is triggered."
    Sample of email sent when automation stitch is triggered

    Previous
    Next