The following table outlines the available triggers.




Security Fabric


Compromised Host

An indicator of compromise (IoC) is detected on a host endpoint.

The threat level must be selected and can be Medium or High. If Medium is selected, both medium and high level threats are included.

Additional actions are available only for Compromised Host triggers:

  • Access Layer Quarantine
  • FortiClient Quarantine
  • VMware NSX Security Tag
  • IP Ban


Security Rating Summary

A summary is available for a recently run Security Rating report. Options include:

  • Security Posture
  • Fabric Coverage
  • Optimization