Fortinet black logo

Administration Guide

Slack Notification action

Slack Notification action

To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

To create an Incoming Webhook in Slack:
  1. Go to the Slack website, and create a workspace.
  2. Create a Slack application for the workspace.

  3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).
  4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

To configure an automation stitch with Slack Notification actions in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the Security Rating Summary trigger:
    1. Click Add Trigger.
    2. Click Create and select Security Rating Summary.
    3. Enter the following:

      Name

      auto-rating

      Report

      Security Posture

    4. Click OK.
    5. Select the trigger in the list and click Apply.
  4. Configure the first Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack1

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      This is test for slack notification.

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the second Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack2

      Delay

      90

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.
    5. Select the action in the list and click Apply.
  6. Click OK.
  7. Trigger the automation stitch:
    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Slack channel.

To configure an automation stitch with Slack Notification actions in the CLI:
  1. Configure the automation trigger:

    config system automation-trigger

    edit "auto-rating"

    set event-type security-rating-summary

    next

    end

  2. Configure the automation actions:

    config system automation-action

    edit "slack1"

    set action-type slack-notification

    set minimum-interval 0

    set delay 0

    set required disable

    set message-type text

    set message "This is test for slack notification."

    set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

    next

    edit "slack2"

    set action-type slack-notification

    set minimum-interval 0

    set delay 90

    set required disable

    set message-type text

    set message "%%log%%"

    set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

    next

    end

  3. Configure the automation stitch:

    config system automation-stitch

    edit "auto-rating"

    set status enable

    set trigger "auto-rating"

    set action "slack1" "slack2"

    next

    end

  4. Verify that the automation action was triggered:
    # diagnose test application autod 3
    stitch: auto-rating 
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Wed Feb 05 11:10:23 2020
        last relay:
        actions:
            slack1:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 11:10:23 2020
                last relay:
            slack2:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 05 11:10:23 2020
                last relay:

Slack Notification action

To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

To create an Incoming Webhook in Slack:
  1. Go to the Slack website, and create a workspace.
  2. Create a Slack application for the workspace.

  3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).
  4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

To configure an automation stitch with Slack Notification actions in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the Security Rating Summary trigger:
    1. Click Add Trigger.
    2. Click Create and select Security Rating Summary.
    3. Enter the following:

      Name

      auto-rating

      Report

      Security Posture

    4. Click OK.
    5. Select the trigger in the list and click Apply.
  4. Configure the first Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack1

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      This is test for slack notification.

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the second Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack2

      Delay

      90

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.
    5. Select the action in the list and click Apply.
  6. Click OK.
  7. Trigger the automation stitch:
    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Slack channel.

To configure an automation stitch with Slack Notification actions in the CLI:
  1. Configure the automation trigger:

    config system automation-trigger

    edit "auto-rating"

    set event-type security-rating-summary

    next

    end

  2. Configure the automation actions:

    config system automation-action

    edit "slack1"

    set action-type slack-notification

    set minimum-interval 0

    set delay 0

    set required disable

    set message-type text

    set message "This is test for slack notification."

    set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

    next

    edit "slack2"

    set action-type slack-notification

    set minimum-interval 0

    set delay 90

    set required disable

    set message-type text

    set message "%%log%%"

    set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"

    next

    end

  3. Configure the automation stitch:

    config system automation-stitch

    edit "auto-rating"

    set status enable

    set trigger "auto-rating"

    set action "slack1" "slack2"

    next

    end

  4. Verify that the automation action was triggered:
    # diagnose test application autod 3
    stitch: auto-rating 
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Wed Feb 05 11:10:23 2020
        last relay:
        actions:
            slack1:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 11:10:23 2020
                last relay:
            slack2:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 05 11:10:23 2020
                last relay: