Fortinet black logo

Cookbook

Creating automation stitches

Copy Link
Copy Doc ID 5ede200c-a21f-11eb-b70b-00505692583a:351998
Download PDF

Creating automation stitches

To create an automation stitch, a trigger event and a response action or actions are selected. Automation stitches can also be tested after they are created.

To create an automation stitch in the GUI:
  1. On the root FortiGate, go to Security Fabric > Automation.
  2. Click Create New. The New Automation Stitch page opens.

  3. Enter the following information:

    Name

    Enter a name for the automation stitch.

    Status

    Enable/disable the stitch.

    FortiGate

    Select the FortiGate device to apply the automation stitch to, or select All FortiGates to apply it to all of them.

    Trigger

    Select a trigger.

    Action

    Select and configure one or more actions.

    Minimum interval (seconds)

    Enter a minimum time interval during which notifications for the same trigger event will not be sent.

    After the time interval elapses, an alert is sent that includes the last event since the time interval elapsed.

  4. Click OK.
To create an automation stitch in the CLI:
  1. Create an automation trigger:
    config system automation-trigger
        edit <automation-trigger-name>
            set trigger-type {event-based | scheduled}
            set event-type <option>
            set license-type <option>
            set ioc-level {medium | high}
            set logid <integer>
            set trigger-frequency {hourly | daily | weekly | monthly} 
            set trigger-weekday <option>
            set trigger-day <integer>
            set trigger-hour <integer>
            set trigger-minute <integer>
            set faz-event-severity <string>
            set faz-event-tags <string>
        next
    end

    The available options will vary depending on the selected event type.

  2. Create an automation action:
    config system automation-action
        edit <name>
            set action-type <option>
            set email-to <names>
            set email-from <string>
            set email-subject <string>
            set email-body <string>
            set minimum-interval <integer>
            set delay <integer>
            set required {enable | disable}
            set aws-api-id <string>
            set aws-region <string>
            set aws-domain <string>
            set aws-api-stage <string>
            set aws-api-path <string>
            set aws-api-key <string>
            set azure-app <string>
            set azure-function <string>
            set azure-domain <string>
            set azure-function-authorization {anonymous | function | admin}
            set azure-api-key <string>
            set gcp-function-region <string>
            set gcp-project <string>
            set gcp-function-domain <string>
            set gcp-function <string>
            set alicloud-account-id <string>
            set alicloud-region <string>
            set alicloud-function-domain <string>
            set alicloud-version <string>
            set alicloud-service <string>
            set alicloud-function <string>
            set alicloud-function-authorization {anonymous | function}
            set alicloud-access-key-id <string>
            set alicloud-access-key-secret <string>
            set protocol {http | https}
            set method {post | put | get | patch | delete}
            set uri <string>
            set http-body <string>
            set port <integer>
            set headers <header>
            set script <string>
            set security-tag <string>
            set sdn-connector <connector_name>
        next
    end
  3. Create an automation destination:
    config system automation-destination
        edit <name>
            set type {fortigate | ha-cluster}
            set destination <serial numbers>
            set ha-group-id <integer>
        next
    end
    
  4. Create the automation stitch:
    config system automation-stitch
        edit <automation-stitch-name>
            set status {enable | disable}
            set trigger <trigger-name>
            set action <action-name>
            set destination <serial-number>
        next
    end
To test an automation stitch:

In the GUI, go to Security Fabric > Automation, right-click on the automation stitch and select Test Automation Stitch.

In the CLI, enter the following command:

diagnose automation test <stitch-name> <log>

Creating automation stitches

To create an automation stitch, a trigger event and a response action or actions are selected. Automation stitches can also be tested after they are created.

To create an automation stitch in the GUI:
  1. On the root FortiGate, go to Security Fabric > Automation.
  2. Click Create New. The New Automation Stitch page opens.

  3. Enter the following information:

    Name

    Enter a name for the automation stitch.

    Status

    Enable/disable the stitch.

    FortiGate

    Select the FortiGate device to apply the automation stitch to, or select All FortiGates to apply it to all of them.

    Trigger

    Select a trigger.

    Action

    Select and configure one or more actions.

    Minimum interval (seconds)

    Enter a minimum time interval during which notifications for the same trigger event will not be sent.

    After the time interval elapses, an alert is sent that includes the last event since the time interval elapsed.

  4. Click OK.
To create an automation stitch in the CLI:
  1. Create an automation trigger:
    config system automation-trigger
        edit <automation-trigger-name>
            set trigger-type {event-based | scheduled}
            set event-type <option>
            set license-type <option>
            set ioc-level {medium | high}
            set logid <integer>
            set trigger-frequency {hourly | daily | weekly | monthly} 
            set trigger-weekday <option>
            set trigger-day <integer>
            set trigger-hour <integer>
            set trigger-minute <integer>
            set faz-event-severity <string>
            set faz-event-tags <string>
        next
    end

    The available options will vary depending on the selected event type.

  2. Create an automation action:
    config system automation-action
        edit <name>
            set action-type <option>
            set email-to <names>
            set email-from <string>
            set email-subject <string>
            set email-body <string>
            set minimum-interval <integer>
            set delay <integer>
            set required {enable | disable}
            set aws-api-id <string>
            set aws-region <string>
            set aws-domain <string>
            set aws-api-stage <string>
            set aws-api-path <string>
            set aws-api-key <string>
            set azure-app <string>
            set azure-function <string>
            set azure-domain <string>
            set azure-function-authorization {anonymous | function | admin}
            set azure-api-key <string>
            set gcp-function-region <string>
            set gcp-project <string>
            set gcp-function-domain <string>
            set gcp-function <string>
            set alicloud-account-id <string>
            set alicloud-region <string>
            set alicloud-function-domain <string>
            set alicloud-version <string>
            set alicloud-service <string>
            set alicloud-function <string>
            set alicloud-function-authorization {anonymous | function}
            set alicloud-access-key-id <string>
            set alicloud-access-key-secret <string>
            set protocol {http | https}
            set method {post | put | get | patch | delete}
            set uri <string>
            set http-body <string>
            set port <integer>
            set headers <header>
            set script <string>
            set security-tag <string>
            set sdn-connector <connector_name>
        next
    end
  3. Create an automation destination:
    config system automation-destination
        edit <name>
            set type {fortigate | ha-cluster}
            set destination <serial numbers>
            set ha-group-id <integer>
        next
    end
    
  4. Create the automation stitch:
    config system automation-stitch
        edit <automation-stitch-name>
            set status {enable | disable}
            set trigger <trigger-name>
            set action <action-name>
            set destination <serial-number>
        next
    end
To test an automation stitch:

In the GUI, go to Security Fabric > Automation, right-click on the automation stitch and select Test Automation Stitch.

In the CLI, enter the following command:

diagnose automation test <stitch-name> <log>