Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.4.1 Administration Guide
    7.4.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Replacement messages for email alerts

    Replacement messages for email alerts

    Automation stitches with an Email action can leverage the formatting options provided by replacement messages to create branded email alerts.

    You can enable a replacement message and edit the message body or select a customized replacement message group when you configure the automation action. When the automation stitch is triggered, the FortiGate will send the email with the defined replacement message.

    In this example, a Security Rating report triggers an Email notification action. The email uses a customized replacement message group.

    To configure the replacement message group in the GUI:
    1. Go to System > Replacement Message Groups and click Create New.
    2. Enter the following:

      Name

      group-sec1

      Group Type

      Security

    3. Click OK.
    4. Select the group in the list and click Edit.
    5. Select Automation Alert Email and click Edit.

    6. Edit the HTML code as needed, then click Save.
    To configure the email action in the GUI:
    1. Go to Security Fabric > Automation and click Create New.
    2. Enter the stitch name.
    3. Configure the trigger:
      1. Click Add Trigger.
      2. Select Any Security Rating Notification.
      3. Click Apply.
    4. Configure the Email notification action:
      1. Click Add Action.
      2. Click Create and select Email.
      3. Enter the following:

        Name

        email-group1

        To

        Enter an email address

        Subject

        CSF stitch alert group1

        Replacement message

        Enable

        Customize messages

        Enable and select group-sec1 from the dropdown

      4. Click OK.
      5. Select the action in the list and click Apply.
    5. Click OK.
    6. Right-click the automation stitch, and click Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered, and the email is delivered with the customized replacement message in the email body.

    To configure the replacement message group in the CLI:
    config system replacemsg-group
    edit "group-sec1"
        set comment ""
        set group-type utm
        config automation
            edit "automation-email"
                set buffer "...<h1> Security Fabric Automation rating trigger </h1>..."
                ...
            next
        end
    next
end
    To configure the email action in the CLI:
    1. Configure the automation trigger: 
      config system automation-trigger
    edit "Any Security Rating Notification"
        set event-type security-rating-summary
        set report-type any			
    next
end
    2. Configure the automation action: 
      config system automation-action
    edit "email-group1"
        set action-type email
        set email-to "admin@fortinet.com"
        set email-subject "CSF stitch alert group1"
        set replacement-message enable
        set replacemsg-group "group-sec1"
    next
end
    3. Configure the automation stitch: 
      config system automation-stitch
    edit "auto_rating"
        set trigger "Any Security Rating Notification"
        config actions
            edit 1
                set action "email-group1"
                set required enable
            next
        end
    next
end
    4. To view the automation stitch information after it is triggered:
      # diagnose test application autod 3
stitch: auto_rating
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Tue Mar 16 15:11:29 2021
        last relay:
        actions:
                email-group1:
                        done: 1 relayed to: 0 relayed from: 0
                        last trigger:Tue Mar 16 15:11:29 2021
                        last relay:

logid2stitch mapping:
id:52000  local hit: 1 relayed hits: 0
        auto_rating
    Previous
    Next

    Replacement messages for email alerts

    Replacement messages for email alerts

    Automation stitches with an Email action can leverage the formatting options provided by replacement messages to create branded email alerts.

    You can enable a replacement message and edit the message body or select a customized replacement message group when you configure the automation action. When the automation stitch is triggered, the FortiGate will send the email with the defined replacement message.

    In this example, a Security Rating report triggers an Email notification action. The email uses a customized replacement message group.

    To configure the replacement message group in the GUI:
    1. Go to System > Replacement Message Groups and click Create New.
    2. Enter the following:

      Name

      group-sec1

      Group Type

      Security

    3. Click OK.
    4. Select the group in the list and click Edit.
    5. Select Automation Alert Email and click Edit.

    6. Edit the HTML code as needed, then click Save.
    To configure the email action in the GUI:
    1. Go to Security Fabric > Automation and click Create New.
    2. Enter the stitch name.
    3. Configure the trigger:
      1. Click Add Trigger.
      2. Select Any Security Rating Notification.
      3. Click Apply.
    4. Configure the Email notification action:
      1. Click Add Action.
      2. Click Create and select Email.
      3. Enter the following:

        Name

        email-group1

        To

        Enter an email address

        Subject

        CSF stitch alert group1

        Replacement message

        Enable

        Customize messages

        Enable and select group-sec1 from the dropdown

      4. Click OK.
      5. Select the action in the list and click Apply.
    5. Click OK.
    6. Right-click the automation stitch, and click Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered, and the email is delivered with the customized replacement message in the email body.

    To configure the replacement message group in the CLI:
    config system replacemsg-group
    edit "group-sec1"
        set comment ""
        set group-type utm
        config automation
            edit "automation-email"
                set buffer "...<h1> Security Fabric Automation rating trigger </h1>..."
                ...
            next
        end
    next
end
    To configure the email action in the CLI:
    1. Configure the automation trigger: 
      config system automation-trigger
    edit "Any Security Rating Notification"
        set event-type security-rating-summary
        set report-type any			
    next
end
    2. Configure the automation action: 
      config system automation-action
    edit "email-group1"
        set action-type email
        set email-to "admin@fortinet.com"
        set email-subject "CSF stitch alert group1"
        set replacement-message enable
        set replacemsg-group "group-sec1"
    next
end
    3. Configure the automation stitch: 
      config system automation-stitch
    edit "auto_rating"
        set trigger "Any Security Rating Notification"
        config actions
            edit 1
                set action "email-group1"
                set required enable
            next
        end
    next
end
    4. To view the automation stitch information after it is triggered:
      # diagnose test application autod 3
stitch: auto_rating
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Tue Mar 16 15:11:29 2021
        last relay:
        actions:
                email-group1:
                        done: 1 relayed to: 0 relayed from: 0
                        last trigger:Tue Mar 16 15:11:29 2021
                        last relay:

logid2stitch mapping:
id:52000  local hit: 1 relayed hits: 0
        auto_rating
    Previous
    Next