Administration Guide

Creating automation stitches

To create an automation stitch, a trigger event and a response action or actions are selected. Automation stitches can be tested after they are created.

In the GUI, go to Security Fabric > Automation and click Create New. Automation stitches, actions, and triggers are configured in separate dialogs.

The stitch Action execution can be set to either Sequential or Parallel. In sequential execution, actions will execute one after another with a delay (if specified). If one action fails, then the action chain stops. This is the default setting. In parallel execution, all actions will execute immediately when the stitch is triggered.

When creating a stitch, clicking Add Trigger and Add Action displays a list of available triggers and actions, and the option to create a new one.

Once the stitch is configured, a process diagram of the trigger, actions, and delays is displayed. A delay can be added before an action if Sequential action execution is used. Executing the next action can be delayed by up to 3600 seconds (one hour).

Triggers and actions can be configured separately, and then added to an automation stitch.

The maximum number of automation stitches that are allowed to run concurrently can be configured in the CLI (32 - 256, default = 128).

To configure the maximum number of concurrent automation stitches:
config automation setting
    set max-concurrent-stitches <integer>
end

Tabs on the Automation page

On the Security Fabric > Automation page, there are tabs for Stitch, Trigger, and Action. The Stitch tab is the default view that lists the trigger and actions used in each stitch. Individual triggers and actions can be created or edited in the corresponding tabs.

Click Trigger to view the list of triggers.

Click Action to view the list of actions.

Sample configuration

The following example shows how to configure a Security Rating Summary automation stitch with AWS Lambda and Email actions. There is a 60-second delay before the Email action.

To configure the automation stitch in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name and description.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Click Create and select Security Rating Summary.
    3. Enter the following:

      Name      aws_no_delay
      Report    Security Posture

    4. Click OK.
    5. Select the trigger in the list and click Apply.

  4. Configure the AWS Lambda function action:
    1. Click Add Action.
    2. Click Create and select AWS Lambda.
    3. Enter the following:

      Name           aws_no_delay
      URL            Enter the request API URI
      API key        Enter the API key
      HTTP header    header2 : header2_value

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the Email notification action:
    1. Click Add Action.
    2. Click Create and select Email.
    3. Enter the following:

      Name                   email_action
      To                     Enter an email address
      Subject                email action for test
      Replacement message    Enable

    4. Click OK.
    5. Select the action in the list and click Apply.
  6. Click Add delay between the two actions, enter 60, and click OK.
  7. Click OK.

To configure the automation stitch in the CLI:
  1. Configure the trigger:
    config system automation-trigger
        edit "aws_no_delay"
            set event-type security-rating-summary
        next
    end
  2. Configure the actions:
    config system automation-action
        edit "aws_no_delay"
            set action-type aws-lambda
            set aws-api-key xxxxxxxxxxxx
            set uri "xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/xxxxxxxxxx"
            config http-headers
                edit 1
                    set key "header2"
                    set value "header2_value"
                next
            end
        next
        edit "email_action"
            set action-type email
            set email-to "test@fortinet.com"
            set email-subject "email action for test"
            set replacement-message enable
        next
    end
  3. Configure the stitch:
    config system automation-stitch
        edit "aws_no_delay"
            set description "aws action test"
            set trigger "aws_no_delay"
            config actions
                edit 1
                    set action "aws_no_delay"
                    set required enable
                next
                edit 2
                    set action "email_action"
                    set delay 60
                    set required enable
                next
            end
        next
    end
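
An offline pre-check for a configuration like the CLI sample above, as an added example (not Fortinet's code): it parses the config/edit/set text and reports stitches whose trigger or actions are not defined, or whose delay is outside the 3600-second limit stated in this guide. The function names and the constructed sample are assumptions of this example, and the parser covers only the syntax shown on this page.

```python
import shlex
MAX_DELAY = 3600  # longest delay before an action, in seconds, per this guide

def parse_config(text):
    """Parse config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]        # blank lines become a no-op token
        if tok[0] in ("config", "edit"):       # open a table or an entry
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):        # close the entry or table
            stack.pop()
    return stack[0]

def lint_stitches(cfg):
    """List stitches that reference undefined objects or exceed the delay limit."""
    triggers = cfg.get("system automation-trigger", {})
    actions = cfg.get("system automation-action", {})
    findings = []
    for name, stitch in cfg.get("system automation-stitch", {}).items():
        if stitch.get("trigger") not in triggers:
            findings.append(f"{name}: undefined trigger {stitch.get('trigger')}")
        for seq, step in stitch.get("actions", {}).items():
            if step.get("action") not in actions:
                findings.append(f"{name}: step {seq} uses undefined action {step.get('action')}")
            if not 0 <= int(step.get("delay", 0)) <= MAX_DELAY:
                findings.append(f"{name}: step {seq} delay {step['delay']}s is outside 0-{MAX_DELAY}s")
    return findings

# Constructed sample: the action table is missing and the delay is too long.
SAMPLE = """
config system automation-trigger
    edit "aws_no_delay"
        set event-type security-rating-summary
    next
end
config system automation-stitch
    edit "aws_no_delay"
        set trigger "aws_no_delay"
        config actions
            edit 1
                set action "email_action"
                set delay 7200
            next
        end
    next
end
"""
print("\n".join(lint_stitches(parse_config(SAMPLE))))
```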

Testing automation stitches

In the GUI, go to Security Fabric > Automation, right-click on the automation stitch and select Test Automation Stitch.

In the CLI, enter diagnose automation test <automation-stitch name>.
