Triggers
The following table outlines the available automation stitch triggers:
Trigger | Description |
---|---|
Compromised Host | An Indicator of Compromise (IoC) is detected on a host endpoint. The threat level must be selected and can be Medium or High. If Medium is selected, both medium and high level threats are included. Note: Additional actions are available only for Compromised Host triggers: |
Security Rating Summary | A summary is available for a recently run Security Rating. |
Configuration Change | A FortiGate configuration change has occurred. |
Reboot | A FortiGate is rebooting. |
Low memory | This option is only available in the CLI. Conserve mode due to low memory. See Execute a CLI script based on CPU and memory thresholds for an example. |
High CPU | This option is only available in the CLI. High CPU usage. See Execute a CLI script based on CPU and memory thresholds for an example. |
License Expiry | A FortiGuard license is expiring. The license type must be selected. Options include: |
HA Failover | An HA failover is occurring. |
AV & IPS DB Update | The antivirus and IPS database is updating. |
FortiOS Event Log | The specified FortiOS log has occurred. The event must be selected from the event list. |
FortiAnalyzer Event Handler | The specified FortiAnalyzer event handler has occurred. See FortiAnalyzer event handler trigger for details. |
Schedule | A scheduled monthly, weekly, daily, or hourly trigger. Set to occur on a specific minute of a specific hour on a specific day. |
FortiGate Cloud-Based IOC | IOC detection from the FortiGate Cloud IOC service. This option requires an IOC license and a web filter license, and FortiCloud logging must be enabled. |