User Guide

Create an incident using email

24.1.0
Note: This feature is in beta release. Please contact us to have the feature enabled on your account.

You can set up one or more email addresses within FortiMonitor to serve as a gateway for incoming incident emails. Each email gateway has an auto-generated email address assigned to it, allowing you to target specific instances or different alerting workflows.

Emails with incident information in the header or body can be used to start or end incidents. The email content options are described in Email content options.

Create a custom incident

A custom incident must be created on each target instance. Once a custom incident is created, take note of the Plugin Textkey and Resource Textkey. These values are used in the body of incident emails.

To create a custom incident, follow the instructions detailed in Create custom incidents.

Create an email gateway

To add an email gateway, perform the following steps:

  1. From the main navigation header, select Settings > Email Incident Gateway. From here you can also see a list of the gateways you have created.

  2. Click New Gateway. A Gateway Address will be automatically assigned to the gateway.

  3. Add a description for the gateway address.

  4. Click Add Gateway.

Email content options

Currently, there are two types of supported email content.

  • Email headers

  • JSON payload

See the following table for more details.

Note: Some proprietary email formats (Aviatrix, etc.) can also be processed by the gateway. Contact Support to learn more.

| Email Headers | JSON Payload | Description |
|---|---|---|
| X-FMN-FQDN | fqdn | The IP or FQDN of the instance to attach the incident to. |
| X-FMN-Plugin-Textkey, X-FMN-Resource-Textkey | plugin_textkey, resource_textkey | The textkeys to use for the custom incident metric that the incident is attached to. Used to tie in to the custom incident filter to pick up alerting criteria. For more information, see Create custom incidents. |
| X-FMN-Timestamp | timestamp | The timestamp of when the incident starts or ends. If not provided, defaults to the time when the email message was received. |
| X-FMN-Description | description | Free text field to describe the incident. |
| X-FMN-Action | action | Used to indicate if the email is starting or resolving an incident. Available options: start, end. |

Usage examples

Email Headers

Email headers can include the following:

    X-FMN-FQDN: fortinet.com
    X-FMN-Plugin-Textkey: com.mysite.email
    X-FMN-Resource-Textkey: com.resource.email
    X-FMN-Description: "short desc of the issue"
    X-FMN-Action: start

JSON Payload

You can send an email with the body of the email being a JSON dictionary with the following keys:

    {
      "fqdn": "fortinet.com",
      "plugin_textkey": "com.mysite.email",
      "resource_textkey": "com.resource.email",
      "description": "short desc of the issue",
      "action": "start"
    }
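The following is an added example, not code from FortiMonitor or this guide: a Python helper that builds either form of incident email from one dictionary and checks it before it is handed to a mail relay. The sender and gateway addresses are placeholders, treating all five fields as required is an assumption, and the optional timestamp is left out so the gateway falls back to the time the message was received.

```python
import json
from email.message import EmailMessage

# Header name -> JSON key, as listed in the table on this page.
FIELDS = {
    "X-FMN-FQDN": "fqdn",
    "X-FMN-Plugin-Textkey": "plugin_textkey",
    "X-FMN-Resource-Textkey": "resource_textkey",
    "X-FMN-Description": "description",
    "X-FMN-Action": "action",
}
ACTIONS = {"start", "end"}
# Constructed sample, using the values from the page's usage examples.
SAMPLE = {"fqdn": "fortinet.com", "plugin_textkey": "com.mysite.email",
          "resource_textkey": "com.resource.email",
          "description": "short desc of the issue", "action": "start"}


def validate(incident):
    """Check the fields before they are placed in a message (assumed rules)."""
    missing = [k for k in FIELDS.values() if not incident.get(k)]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if incident["action"] not in ACTIONS:
        raise ValueError("action must be 'start' or 'end'")
    for key, value in incident.items():
        # A line break in upstream alert text could otherwise add or override headers.
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in {key}")
    return incident


def build_email(incident, sender, gateway, use_headers=False):
    """Return an EmailMessage carrying the incident as X-FMN-* headers or a JSON body."""
    validate(incident)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, gateway
    msg["Subject"] = f"Incident {incident['action']}: {incident['fqdn']}"
    if use_headers:
        for header, key in FIELDS.items():
            msg[header] = incident[key]
        msg.set_content("Incident fields are carried in the X-FMN-* headers.")
    else:
        msg.set_content(json.dumps(incident, indent=2))
    return msg


if __name__ == "__main__":
    print(build_email(SAMPLE, "alerts@example.invalid", "gateway-address@example.invalid"))
```
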

Incident details

Incidents created by email will be logged in the Timeline & Messages feed in the incident's details page. The message includes the incident type (start, end), description, and the sender's email.

View email history

Clicking one of the links under the Total Messages column in the Email Incident Gateway Management page shows a table view of all messages that have been sent to the gateway, along with their status.

Clicking the View link brings up a modal to show the actual email message.
