config system automation-settings
Use this command to configure the automation profiles used by the FortiNDR enforcement feature.
Syntax
```
config system automation-settings
    edit <name_str>
        set type {fgt-quarantine|fnac-quarantine|fsw-quarantine-via-fortilink|generic-webhook}
        set vdom <vdom_str>
        set api-key <apikey_str>
        set webhook-config <config_str>
        set ip <ip_addr>
        set port <port_int>
        set status {enable | disable}
        set source {fabric-device | sniffer}
        set profile <enforcement_profile_name>
end
```
Variable | Description | Default |
---|---|---|
`<name_str>` | Automation Profile name | F |
`type {fgt-quarantine|fnac-quarantine|fsw-quarantine-via-fortilink|generic-webhook}` | FortiNDR supports four types of automated quarantine: fgt-quarantine, fnac-quarantine, fsw-quarantine-via-fortilink and generic-webhook. | |
`vdom <vdom_str>` | The VDOM of the FortiGate. Only applicable to fgt-quarantine and fsw-quarantine-via-fortilink. | |
`api-key <apikey_str>` | API key of the device. Only applicable to fgt-quarantine, fsw-quarantine-via-fortilink and fnac-quarantine. | |
`webhook-config <config_str>` | The webhook configuration to be used by FortiNDR enforcement. Only applicable to fgt-quarantine, fsw-quarantine-via-fortilink and generic-webhook. For fgt-quarantine or fsw-quarantine-via-fortilink: `{"webhook_exec": "ip_blocker", "webhook_undo": "ip_unblocker"}` For generic-webhook: `{"webhook_exec":{"url":"https://host1.com:443/api/ip_blocker","method":"post","http_body":"{\"srcip\":\"%%srcip%%\"}","headers":{"content-type":"application/json"}}, "webhook_undo":{"url":"https://host1.com:443/api/ip_unblocker","method":"post","http_body":"{\"srcip\":\"%%srcip%%\"}","headers":{"content-type":"application/json"}}}` To enter the JSON data through the CLI, the JSON string must be formatted as one line and enclosed in single quotes ('). | |
`ip <ip_addr>` | IP address of the device. Only applicable to fgt-quarantine, fsw-quarantine-via-fortilink and fnac-quarantine. | |
`port <port_int>` | Port number of the device. Only applicable to fgt-quarantine, fsw-quarantine-via-fortilink and fnac-quarantine. | |
`status {enable | disable}` | Enable or disable the automation profile. | |
`source {fabric-device | sniffer}` | Set the source of detection that applies to the current profile. Only applicable to fgt-quarantine and fsw-quarantine-via-fortilink. | |
`profile <enforcement_profile_name>` | The enforcement profile to be used by the current automation setting. | |
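The following is an added example, not Fortinet code: a pre-flight check that builds the one-line, single-quoted value for `set webhook-config` from a generic-webhook definition, so a malformed `http_body` or a stray quote is caught before the profile is enabled. The function names, the set of required keys (taken from the example on this page), the https-only rule and the test address 192.0.2.10 are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

PLACEHOLDER = "%%srcip%%"  # substitution token from the page's http_body example
REQUIRED = ("url", "method", "http_body", "headers")  # keys in the page's example (assumed required)

def check_action(name, action):
    """Check one webhook_exec / webhook_undo object against the generic-webhook shape."""
    errors = [f"{name}: missing '{k}'" for k in REQUIRED if k not in action]
    if errors:
        return errors
    if urlsplit(action["url"]).scheme != "https":
        errors.append(f"{name}: url is not https")  # local policy, an assumption
    body = action["http_body"]
    if PLACEHOLDER not in body:
        errors.append(f"{name}: http_body lacks {PLACEHOLDER}")
    ctype = {k.lower(): v for k, v in action["headers"].items()}.get("content-type")
    if ctype == "application/json":
        try:  # the body must still be JSON once an address replaces the token
            json.loads(body.replace(PLACEHOLDER, "192.0.2.10"))
        except ValueError:
            errors.append(f"{name}: http_body is not valid JSON after substitution")
    return errors

def build_webhook_config(config):
    """Return the one-line, single-quoted value for 'set webhook-config'."""
    errors = []
    for name in ("webhook_exec", "webhook_undo"):
        if isinstance(config.get(name), dict):
            errors += check_action(name, config[name])
        else:
            errors.append(f"{name}: must be an object for generic-webhook")
    line = json.dumps(config, separators=(",", ":"))  # compact; newlines become \n
    if "'" in line:
        errors.append("value contains a single quote, which would end the CLI quoting")
    if errors:
        raise ValueError("; ".join(errors))
    return f"'{line}'"

# Constructed sample: the page's generic-webhook example as a Python dict.
SAMPLE = {
    name: {"url": f"https://host1.com:443/api/{path}", "method": "post",
           "http_body": '{"srcip":"%%srcip%%"}',
           "headers": {"content-type": "application/json"}}
    for name, path in (("webhook_exec", "ip_blocker"), ("webhook_undo", "ip_unblocker"))
}

if __name__ == "__main__":
    print("set webhook-config", build_webhook_config(SAMPLE))
```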