Fortinet black logo

Administration Guide

Slack Notification action

Slack Notification action

To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

This example uses the default Any Security Rating Notification trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

To create an Incoming Webhook in Slack:
  1. Go to the Slack website, and create a workspace.
  2. Create a Slack application for the workspace.

  3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).
  4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

To configure an automation stitch with Slack Notification actions in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Select Any Security Rating Notification.
    3. Click Apply.
  4. Configure the first Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack1

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      This is test for slack notification.

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the second Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack2

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.
    5. Select the action in the list and click Apply.
    6. Click the Add delay located between both actions. Enter 90 and click OK.

  6. Click OK.
  7. Trigger the automation stitch:
    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Slack channel.

To configure an automation stitch with Slack Notification actions in the CLI:
  1. Configure the automation trigger:
    config system automation-trigger
        edit "Any Security Rating Notification"
            set event-type security-rating-summary
            set report-type any			
        next
    end
  2. Configure the automation actions:
    config system automation-action
        edit "slack1"
            set action-type slack-notification
            set message "This is test for slack notification."
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
        edit "slack2"
            set action-type slack-notification
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
    end
  3. Configure the automation stitch:
    config system automation-stitch
        edit "auto_rating"
            set trigger "Any Security Rating Notification"
            config actions
                edit 1
                    set action "slack1"
                    set required enable
                next
                edit 2
                    set action "slack2"
                    set delay 90
                    set required enable
                next
            end
        next
    end
  4. Verify that the automation action was triggered:
    # diagnose test application autod 3
    stitch: auto-rating 
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Wed Feb 05 11:10:23 2020
        last relay:
        actions:
            slack1:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 11:10:23 2020
                last relay:
            slack2:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 05 11:10:23 2020
                last relay:

Slack Notification action

To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

This example uses the default Any Security Rating Notification trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

To create an Incoming Webhook in Slack:
  1. Go to the Slack website, and create a workspace.
  2. Create a Slack application for the workspace.

  3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).
  4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

To configure an automation stitch with Slack Notification actions in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Select Any Security Rating Notification.
    3. Click Apply.
  4. Configure the first Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack1

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      This is test for slack notification.

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the second Slack Notification action:
    1. Click Add Action.
    2. Click Create and select Slack Notification.
    3. Enter the following:

      Name

      slack2

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.
    5. Select the action in the list and click Apply.
    6. Click the Add delay located between both actions. Enter 90 and click OK.

  6. Click OK.
  7. Trigger the automation stitch:
    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiGate. The two notifications are sent to the Slack channel.

To configure an automation stitch with Slack Notification actions in the CLI:
  1. Configure the automation trigger:
    config system automation-trigger
        edit "Any Security Rating Notification"
            set event-type security-rating-summary
            set report-type any			
        next
    end
  2. Configure the automation actions:
    config system automation-action
        edit "slack1"
            set action-type slack-notification
            set message "This is test for slack notification."
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
        edit "slack2"
            set action-type slack-notification
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
    end
  3. Configure the automation stitch:
    config system automation-stitch
        edit "auto_rating"
            set trigger "Any Security Rating Notification"
            config actions
                edit 1
                    set action "slack1"
                    set required enable
                next
                edit 2
                    set action "slack2"
                    set delay 90
                    set required enable
                next
            end
        next
    end
  4. Verify that the automation action was triggered:
    # diagnose test application autod 3
    stitch: auto-rating 
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Wed Feb 05 11:10:23 2020
        last relay:
        actions:
            slack1:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 11:10:23 2020
                last relay:
            slack2:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Wed Feb 05 11:10:23 2020
                last relay: