Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.0.0 Administration Guide
    7.0.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Slack Notification action

    Slack Notification action

    To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

    This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

    To create an Incoming Webhook in Slack:
    1. Go to the Slack website, and create a workspace.
    2. Create a Slack application for the workspace.

    3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).
    4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

    To configure an automation stitch with Slack Notification actions in the GUI:
    1. Go to Security Fabric > Automation and click Create New.
    2. Enter the stitch name.
    3. Configure the Security Rating Summary trigger:
      1. Click Add Trigger.
      2. Click Create and select Security Rating Summary.
      3. Enter the following:

        Name

        auto-rating

        Report

        Security Posture

      4. Click OK.
      5. Select the trigger in the list and click Apply.
    4. Configure the first Slack Notification action:
      1. Click Add Action.
      2. Click Create and select Slack Notification.
      3. Enter the following:

        Name

        slack1

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        This is test for slack notification.

      4. Click OK.
      5. Select the action in the list and click Apply.
    5. Configure the second Slack Notification action:
      1. Click Add Action.
      2. Click Create and select Slack Notification.
      3. Enter the following:

        Name

        slack2

        Delay

        90

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        %%log%%

      4. Click OK.
      5. Select the action in the list and click Apply.
    6. Click OK.
    7. Trigger the automation stitch:
      1. Right-click the automation stitch and select Test Automation Stitch.

        After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Slack channel.

    To configure an automation stitch with Slack Notification actions in the CLI:
    1. Configure the automation trigger:

      config system automation-trigger

      edit "auto-rating"

      set event-type security-rating-summary

      next

      end

    2. Configure the automation actions:

      config system automation-action

      edit "slack1"

      set action-type slack-notification

      set minimum-interval 0

      set delay 0

      set required disable

      set message-type text

      set message "This is test for slack notification."

      set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

      next

      edit "slack2"

      set action-type slack-notification

      set minimum-interval 0

      set delay 90

      set required disable

      set message-type text

      set message "%%log%%"

      set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

      next

      end

    3. Configure the automation stitch:

      config system automation-stitch

      edit "auto-rating"

      set status enable

      set trigger "auto-rating"

      set action "slack1" "slack2"

      next

      end

    4. Verify that the automation action was triggered:
      # diagnose test application autod 3
stitch: auto-rating 
    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Wed Feb 05 11:10:23 2020
    last relay:
    actions:
        slack1:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Wed Feb 11:10:23 2020
            last relay:
        slack2:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Wed Feb 05 11:10:23 2020
            last relay:
    Previous
    Next

    Slack Notification action

    Slack Notification action

    To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

    This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

    To create an Incoming Webhook in Slack:
    1. Go to the Slack website, and create a workspace.
    2. Create a Slack application for the workspace.

    3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).
    4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

    To configure an automation stitch with Slack Notification actions in the GUI:
    1. Go to Security Fabric > Automation and click Create New.
    2. Enter the stitch name.
    3. Configure the Security Rating Summary trigger:
      1. Click Add Trigger.
      2. Click Create and select Security Rating Summary.
      3. Enter the following:

        Name

        auto-rating

        Report

        Security Posture

      4. Click OK.
      5. Select the trigger in the list and click Apply.
    4. Configure the first Slack Notification action:
      1. Click Add Action.
      2. Click Create and select Slack Notification.
      3. Enter the following:

        Name

        slack1

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        This is test for slack notification.

      4. Click OK.
      5. Select the action in the list and click Apply.
    5. Configure the second Slack Notification action:
      1. Click Add Action.
      2. Click Create and select Slack Notification.
      3. Enter the following:

        Name

        slack2

        Delay

        90

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        %%log%%

      4. Click OK.
      5. Select the action in the list and click Apply.
    6. Click OK.
    7. Trigger the automation stitch:
      1. Right-click the automation stitch and select Test Automation Stitch.

        After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Slack channel.

    To configure an automation stitch with Slack Notification actions in the CLI:
    1. Configure the automation trigger:

      config system automation-trigger

      edit "auto-rating"

      set event-type security-rating-summary

      next

      end

    2. Configure the automation actions:

      config system automation-action

      edit "slack1"

      set action-type slack-notification

      set minimum-interval 0

      set delay 0

      set required disable

      set message-type text

      set message "This is test for slack notification."

      set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

      next

      edit "slack2"

      set action-type slack-notification

      set minimum-interval 0

      set delay 90

      set required disable

      set message-type text

      set message "%%log%%"

      set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

      next

      end

    3. Configure the automation stitch:

      config system automation-stitch

      edit "auto-rating"

      set status enable

      set trigger "auto-rating"

      set action "slack1" "slack2"

      next

      end

    4. Verify that the automation action was triggered:
      # diagnose test application autod 3
stitch: auto-rating 
    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Wed Feb 05 11:10:23 2020
    last relay:
    actions:
        slack1:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Wed Feb 11:10:23 2020
            last relay:
        slack2:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Wed Feb 05 11:10:23 2020
            last relay:
    Previous
    Next