Automation Framework
Go to Security Fabric > Automation Framework to create a single enforcement profile that can be selected with different automation profiles. This provides you with more flexibility in the response action. The following diagram illustrates the relationship between Enforcement and Automation profiles.
To create an automation profile:
- Go to Security Fabric > Automation Framework.
- In the toolbar, click Create New.
- Configure the Automation Framework settings:
Automation Framework
Profile Name: Enter a name for the profile.
Enable: Click to enable or disable the framework.
Enforcement Profile: Click to select an Enforcement Settings profile.
Action: Select one of the following actions:
- FortiGate Quarantine
- FortiNAC Quarantine
- FortiSwitch Quarantine via FortiLink
- Generic Webhook
- Configure the quarantine settings.
These settings will vary depending on the Action setting.
Manage FortiGate Settings and FortiSwitch Quarantine via FortiLink.
Manage FortiGate Settings and FortiSwitch Quarantine Settings
Source:
- Fabric Device: If the source of detection came from OFTP, the enforcement is executed only for an automation profile with a matching IP address and VDOM.
- Sniffer: If the source of detection came from a sniffer, the enforcement is adopted by all profiles where Trigger Source is Sniffer. Because a detection sourced from a sniffer does not contain information about which fabric device monitors the infected IP address, it is your responsibility to specify the correct device IP address and VDOM.
API Key: Enter the device API key.
IP: Enter the device IP address.
Port: Enter the device port number.
VDOM: Enter the VDOM name.
WebHook Name for Execution: Select the FortiGate webhook for the execution action, such as ip_blocker.
WebHook Name for Undo: Select the FortiGate webhook for the undo action, such as ip_unblocker.
FortiNAC Quarantine
FortiNAC Quarantine Settings
API Key: Click Change to update the API key.
IP: Enter the FortiNAC IP address.
Port: Enter the FortiNAC port number.
Generic Webhook
Webhook Execution Settings
URL: Enter the webhook URL.
Method: Select POST, PUT, GET, PATCH or DELETE.
Header: Click the plus sign (+) and enter a value of the authorization key.
HTTP Body Template: Enter the HTTP Body Template.
Webhook Undo Settings
URL: Enter the webhook URL.
Method: Select POST, PUT, GET, PATCH or DELETE.
Header: Click the plus sign (+) and enter a value of the authorization key.
HTTP Body Template: Enter the HTTP Body Template.
- Click Test Current Configuration to validate the settings. This option is displayed when FortiGate Quarantine and FortiSwitch Quarantine via FortiLink are selected.
- Click OK.
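For the Generic Webhook action, the endpoint that receives the execution and undo calls should check the authorization key and the rendered body before it quarantines anything. The following is an added example, not Fortinet code: it assumes the key arrives in an Authorization header, that the HTTP Body Template renders to JSON with an "ip" field, and that the two URLs end in /quarantine and /release (all hypothetical names).

```python
import hmac
import ipaddress
import json

# Assumptions (not from the product documentation): the Header entry is sent as
# "Authorization", the HTTP Body Template renders to JSON {"ip": "<address>"},
# and the execution/undo URLs end in /quarantine and /release.
EXPECTED_KEY = "constructed-sample-key"  # constructed value; load from a secret store
ROUTES = {("POST", "/quarantine"): "execute", ("POST", "/release"): "undo"}


def handle_webhook(method, path, headers, body, quarantined):
    """Validate one webhook call and update `quarantined` (a set of IP strings)."""
    action = ROUTES.get((method.upper(), path))
    if action is None:
        return 405, "method or path not allowed"

    # Constant-time comparison so response timing does not leak the key.
    supplied = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    if not hmac.compare_digest(supplied.encode(), EXPECTED_KEY.encode()):
        return 401, "bad authorization key"

    # Treat the rendered template as untrusted input: strict JSON, one IP string.
    try:
        raw = json.loads(body)["ip"]
        if not isinstance(raw, str):
            raise TypeError("ip must be a string")
        addr = ipaddress.ip_address(raw)
    except (ValueError, KeyError, TypeError):
        return 400, "body must be JSON with a valid 'ip'"

    # Refuse addresses that automation should never quarantine.
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return 422, "address not eligible for quarantine"

    # Both actions are idempotent, so a retried call is harmless.
    ip = str(addr)
    if action == "execute":
        quarantined.add(ip)
        return 200, f"quarantined {ip}"
    quarantined.discard(ip)
    return 200, f"released {ip}"
```

Call handle_webhook from whatever HTTP server hosts the endpoint and return its status code to the caller.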