Administration Guide

Triggers

The following table outlines the available triggers.

Category

Trigger

Description

Security Fabric

Compromised Host

An indicator of compromise (IoC) is detected on a host endpoint.

The threat level must be selected and can be Medium or High. If Medium is selected, both medium and high level threats are included.

Additional actions are available only for Compromised Host triggers:

  • Access Layer Quarantine
  • FortiClient Quarantine
  • VMware NSX Security Tag
  • IP Ban

Security Rating Summary

A summary is available for a recently run Security Rating report. Options include:

  • Security Posture
  • Fabric Coverage
  • Optimization
  • Any

FortiAnalyzer Event Handler

The specified FortiAnalyzer event handler has occurred.

Fabric Connector Event

An event has occurred on a specific Fabric connector.

System

Reboot

A FortiProxy is rebooting.

HA Failover

An HA failover has occurred.

Conserve Mode

A FortiProxy entered conserve mode due to low memory. See Execute a CLI script based on CPU and memory thresholds for an example.

Configuration Change

An administrator's session that changed a FortiProxy's configuration has ended.

License Expiry

A FortiGuard license is expiring.

The license type must be selected. Options include:

  • FortiCare Support
  • FortiGuard Web Filter
  • FortiGuard AntiSpam
  • FortiGuard AntiVirus
  • FortiGuard IPS
  • FortiGuard Management Service
  • FortiGate Cloud
  • Any

AV & IPS DB Update

The antivirus and IPS database has been updated.

High CPU

A FortiProxy has high CPU usage. See Execute a CLI script based on CPU and memory thresholds for an example.

Miscellaneous

FortiProxy Event Log

A specified FortiProxy event log ID has occurred.

Multiple event log IDs can be selected, and log field filters can be applied. See FortiProxy event log trigger for an example.

Incoming Webhook

An incoming webhook has been triggered.

Schedule

A scheduled monthly, weekly, daily, or hourly trigger. It is set to occur on a specific minute of a specific hour on a specific day.
