Automation Framework
A single enforcement profile can be selected with different automation profiles. This provides you with more flexibility in the response action. The following diagram illustrates the relationship between Enforcement and Automation profiles.
To create an automation profile:
- Go to Security Fabric > Automation Framework.
- In the toolbar, click Create New.
- Configure the profile settings:
Profile Name
Enter a name for the profile.
Enable
Enable or disable the framework.
Enforcement Profile
Click to select a profile from the Enforcement Settings. See Creating an Enforcement Profile.
Action
Select one of the following actions:
- FortiGate Quarantine
- FortiNAC Quarantine
- Generic Webhook
Source
Fabric Device: If the detection came from OFTP, the enforcement is executed only for an automation profile with a matching IP address and VDOM.
Sniffer: If the detection came from a sniffer, the enforcement is adopted by all profiles where Trigger Source is Sniffer. Because a sniffer-sourced detection does not contain information about which fabric device monitors the infected IP address, it is your responsibility to specify the correct device IP address and VDOM.
API Key
Enter the device API key.
IP
Enter the device IP address.
Port
Enter the device port number.
VDOM
Enter the VDOM info.
Only applicable to FortiGate Quarantine and FortiSwitch Quarantine via FortiLink.
WebHook Name for Execution
Select the FortiGate webhook for the execution action, such as ip_blocker.
Only applicable to FortiGate Quarantine and FortiSwitch Quarantine via FortiLink.
WebHook Name for Undo
Select the FortiGate webhook for the undo action, such as ip_unblocker.
Only applicable to FortiGate Quarantine and FortiSwitch Quarantine via FortiLink.
Webhook Execution Settings
Enter the URL, Method, Header and HTTP body Template for Execution webhook settings.
Only applicable to Generic Webhook.
Webhook Undo Settings
Enter the URL, Method, Header and HTTP body Template for Undo webhook settings.
Only applicable to Generic Webhook.
- Test the configuration.
- Click OK.
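The Source setting decides which automation profiles act on a detection. The following is an added example, not product code, that models the matching described above and flags Sniffer profiles with no device IP address or VDOM. The class names, field names, and sample profiles are constructed for illustration; skipping disabled profiles and requiring the profile's Source to equal the detection's source are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class AutomationProfile:          # hypothetical model of the settings table
    name: str
    enabled: bool
    source: str                   # "fabric_device" or "sniffer"
    ip: Optional[str]
    vdom: Optional[str]

@dataclass(frozen=True)
class Detection:                  # hypothetical detection record
    source: str                   # "fabric_device" (via OFTP) or "sniffer"
    infected_ip: str
    device_ip: Optional[str] = None   # known only for OFTP-sourced detections
    vdom: Optional[str] = None

def matching_profiles(det: Detection, profiles: List[AutomationProfile]) -> List[str]:
    """Names of the profiles that would act on this detection."""
    hits = []
    for p in profiles:
        # Assumption: disabled profiles and profiles of the other source never run.
        if not p.enabled or p.source != det.source:
            continue
        # Fabric Device: the profile must match the reporting device IP and VDOM.
        if det.source == "fabric_device" and (p.ip, p.vdom) != (det.device_ip, det.vdom):
            continue
        # Sniffer: every Sniffer profile acts; the detection names no device.
        hits.append(p.name)
    return hits

def incomplete_sniffer_profiles(profiles: List[AutomationProfile]) -> List[str]:
    """Sniffer profiles missing the device IP or VDOM the administrator must supply."""
    return [p.name for p in profiles if p.source == "sniffer" and not (p.ip and p.vdom)]

# Constructed sample profiles (documentation-range addresses).
PROFILES = [
    AutomationProfile("fgt-root", True, "fabric_device", "192.0.2.1", "root"),
    AutomationProfile("fgt-guest", True, "fabric_device", "192.0.2.1", "guest"),
    AutomationProfile("sniff-a", True, "sniffer", "192.0.2.1", "root"),
    AutomationProfile("sniff-b", True, "sniffer", None, None),
    AutomationProfile("sniff-off", False, "sniffer", "192.0.2.9", "root"),
]

if __name__ == "__main__":
    oftp = Detection("fabric_device", "198.51.100.7", "192.0.2.1", "guest")
    print(matching_profiles(oftp, PROFILES))
    print(matching_profiles(Detection("sniffer", "198.51.100.7"), PROFILES))
    print(incomplete_sniffer_profiles(PROFILES))
```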