Fortinet black logo

Administration Guide

Replacement messages for email alerts

Replacement messages for email alerts

Automation stitches with an Email action can leverage the formatting options provided by replacement messages to create branded email alerts.

You can enable a replacement message and edit the message body or select a customized replacement message group when you configure the automation action. When the automation stitch is triggered, the FortiGate will send the email with the defined replacement message.

In this example, a Security Rating report triggers an Email notification action. The email uses a customized replacement message group.

To configure the replacement message group in the GUI:
  1. Go to System > Replacement Message Groups and click Create New.
  2. Enter the following:

    Name

    group-sec1

    Group Type

    Security

  3. Click OK.
  4. Select the group in the list and click Edit.
  5. Select Automation Alert Email and click Edit.

  6. Edit the HTML code as needed, then click Save.
To configure the email action in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Click Create and select Security Rating Summary.
    3. Enter the following:

      Name

      rating_posture

      Description

      rating test

      Report

      Security Posture

    4. Click OK.
    5. Select the trigger in the list and click Apply.
  4. Configure the Email notification action:
    1. Click Add Action.
    2. Click Create and select Email.
    3. Enter the following:

      Name

      email-group1

      To

      Enter an email address

      Subject

      CSF stitch alert group1

      Replacement message

      Enable

      Customize messages

      Enable and select group-sec1 from the dropdown

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Click OK.
  6. Right-click the automation stitch, and click Test Automation Stitch.

    After the Security Rating report is finished, the automation is triggered, and the email is delivered with the customized replacement message in the email body.

To configure the replacement message group in the CLI:
config system replacemsg-group
    edit "group-sec1"
        set comment ""
        set group-type utm
        config automation
            edit "automation-email"
                set buffer "...<h1> Security Fabric Automation rating trigger </h1>..."
                ...
            next
        end
    next
end
To configure the email action in the CLI:
  1. Configure the automation trigger:
    config system automation-trigger
        edit "rating_posture"
            set description "rating test"
            set event-type security-rating-summary
        next
    end
  2. Configure the automation action:
    config system automation-action
        edit "email-group1"
            set action-type email
            set email-to "admin@fortinet.com"
            set email-subject "CSF stitch alert group1"
            set replacement-message enable
            set replacemsg-group "group-sec1"
        next
    end
  3. Configure the automation stitch:
    config system automation-stitch
        edit "auto_rating"
            set trigger "rating_posture"
            config actions
                edit 1
                    set action "email-group1"
                    set required enable
                next
            end
        next
    end
  4. To view the automation stitch information after it is triggered:
    # diagnose test application autod 3
    stitch: auto_rating
            local hit: 1 relayed to: 0 relayed from: 0
            last trigger:Tue Mar 16 15:11:29 2021
            last relay:
            actions:
                    email-group1:
                            done: 1 relayed to: 0 relayed from: 0
                            last trigger:Tue Mar 16 15:11:29 2021
                            last relay:
    
    logid2stitch mapping:
    id:52000  local hit: 1 relayed hits: 0
            auto_rating

Replacement messages for email alerts

Automation stitches with an Email action can leverage the formatting options provided by replacement messages to create branded email alerts.

You can enable a replacement message and edit the message body or select a customized replacement message group when you configure the automation action. When the automation stitch is triggered, the FortiGate will send the email with the defined replacement message.

In this example, a Security Rating report triggers an Email notification action. The email uses a customized replacement message group.

To configure the replacement message group in the GUI:
  1. Go to System > Replacement Message Groups and click Create New.
  2. Enter the following:

    Name

    group-sec1

    Group Type

    Security

  3. Click OK.
  4. Select the group in the list and click Edit.
  5. Select Automation Alert Email and click Edit.

  6. Edit the HTML code as needed, then click Save.
To configure the email action in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Click Create and select Security Rating Summary.
    3. Enter the following:

      Name

      rating_posture

      Description

      rating test

      Report

      Security Posture

    4. Click OK.
    5. Select the trigger in the list and click Apply.
  4. Configure the Email notification action:
    1. Click Add Action.
    2. Click Create and select Email.
    3. Enter the following:

      Name

      email-group1

      To

      Enter an email address

      Subject

      CSF stitch alert group1

      Replacement message

      Enable

      Customize messages

      Enable and select group-sec1 from the dropdown

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Click OK.
  6. Right-click the automation stitch, and click Test Automation Stitch.

    After the Security Rating report is finished, the automation is triggered, and the email is delivered with the customized replacement message in the email body.

To configure the replacement message group in the CLI:
config system replacemsg-group
    edit "group-sec1"
        set comment ""
        set group-type utm
        config automation
            edit "automation-email"
                set buffer "...<h1> Security Fabric Automation rating trigger </h1>..."
                ...
            next
        end
    next
end
To configure the email action in the CLI:
  1. Configure the automation trigger:
    config system automation-trigger
        edit "rating_posture"
            set description "rating test"
            set event-type security-rating-summary
        next
    end
  2. Configure the automation action:
    config system automation-action
        edit "email-group1"
            set action-type email
            set email-to "admin@fortinet.com"
            set email-subject "CSF stitch alert group1"
            set replacement-message enable
            set replacemsg-group "group-sec1"
        next
    end
  3. Configure the automation stitch:
    config system automation-stitch
        edit "auto_rating"
            set trigger "rating_posture"
            config actions
                edit 1
                    set action "email-group1"
                    set required enable
                next
            end
        next
    end
  4. To view the automation stitch information after it is triggered:
    # diagnose test application autod 3
    stitch: auto_rating
            local hit: 1 relayed to: 0 relayed from: 0
            last trigger:Tue Mar 16 15:11:29 2021
            last relay:
            actions:
                    email-group1:
                            done: 1 relayed to: 0 relayed from: 0
                            last trigger:Tue Mar 16 15:11:29 2021
                            last relay:
    
    logid2stitch mapping:
    id:52000  local hit: 1 relayed hits: 0
            auto_rating