Administration Guide

7.2.0

Add or modify activities

  1. Select Logs > Security Incidents > Actions.
  2. Click Add or select an action and click Modify.
  3. Under Activities, click Add, or select an activity and click Modify.
  4. Select the activity from the Activity drop-down menu.
  5. Enter the information associated with the activity.

  6. Some options include the Secondary Task check box. Selecting this check box enables the secondary task to occur after the time period specified in the action has passed.
  7. Use the table below for information about each activity option.
  8. Click OK to save your activity.
Settings

| Field | Definition |
| --- | --- |
| Command Line Script Action | Lets you specify a particular command line script to be executed as an alarm action. |
| Send Alarm to Custom Script | Lets you send an alarm to a custom command line script located in /home/cm/scripts when the trigger event occurs. |
| Send Alarm to External Log Hosts | Sends an alarm to an external log host when the trigger event occurs. |
| Email User Action | Sends an email to the logged on user or owner, only the logged on user, or only the owner when the action is taken. See Hosts for more information about adding or modifying the host's owner. Enter the message for the user in the Email Message box. Select the fields to display information you wish to append to the email. You can update the text to be displayed for each field. Users can add or modify custom fields that are appended to the email. Custom fields include information about a security event that is stored under Full Event Attributes in the Security Events View > Event Details window. For example, enter a label for the field and the "CS4" key to display the CS4 information in the custom field. See Security events. |
| Email Group Action | Sends an email to the selected administrator group. |
| SMS User Action | Sends an SMS message to the host's owner when the action is taken. See Hosts for more information about adding or modifying the host's owner. Enter the message for the user in the SMS Message box. |
| Host Role Action | Lets you set the host role to any configured role. You can select the Secondary Task check box to enable a secondary task to change the role when the action is undone. |
| Disable Host | Disconnects the host from the network. You can select the Secondary Task check box to enable the host after a specified time period if the Perform Secondary Task(s) check box is enabled for the action. |
| Disable Port | Disconnects the port. You can select the Secondary Task check box to enable the port after a specified time period if the Perform Secondary Task(s) check box is enabled for the action. |
| Run Endpoint Compliance Configuration | When selected, allows you to run additional endpoint compliance configurations based on security actions mapped to a scan's results. See Chaining configuration scans. |
| Mark Host At Risk | Automatically fails the scan selected in the Mark Host At Risk For drop-down list, and places the host in a state of remediation the next time the host connects. You can select the Secondary Task check box to mark the host safe after a specified time period if the Perform Secondary Task(s) check box is enabled for the action. |
| Mark Host Safe | Automatically marks the host as safe for the scan selected in the Mark Host Safe For drop-down list, and passes the scan. You can select the Secondary Task check box to mark the host at risk after a specified time period if the Perform Secondary Task(s) check box is enabled for the action. |
| Send Message to Desktop | Lets you send a message to the desktop of a host running the Persistent Agent. |
