Triggers
The following table outlines the available triggers.
Category |
Trigger |
Description |
---|---|---|
Security Fabric |
||
|
Compromised Host |
An indicator of compromise (IoC) is detected on a host endpoint. The threat level must be selected and can be Medium or High. If Medium is selected, both medium and high level threats are included. Additional actions are available only for Compromised Host triggers:
|
|
Security Rating Summary |
A summary is available for a recently run Security Rating report. Options include:
|
|
FortiAnalyzer Event Handler |
The specified FortiAnalyzer event handler has occurred. |
|
Fabric Connector Event |
An event has occurred on a specific Fabric connector. |
System |
||
|
Reboot |
A FortiProxy is rebooting. |
|
HA Failover |
An HA failover has occurred. |
|
Conserve Mode |
A FortiProxy entered conserve mode due to low memory. See Execute a CLI script based on CPU and memory thresholds for an example. |
|
Configuration Change |
An administrator's session that changed a FortiProxy's configuration has ended. |
|
License Expiry |
A FortiGuard license is expiring. The license type must be selected. Options include:
|
|
AV & IPS DB Update |
The antivirus and IPS database has been updated. |
|
High CPU |
A FortiProxy has high CPU usage. See Execute a CLI script based on CPU and memory thresholds for an example. |
Miscellaneous |
||
|
FortiProxy Event Log |
A specified FortiProxy event log ID has occurred. Multiple event log IDs can be selected, and log field filters can be applied. See FortiProxy event log trigger for an example. |
|
Incoming Webhook |
An incoming webhook has been triggered. |
|
Schedule |
A scheduled monthly, weekly, daily, or hourly trigger. Set to occur on a specific minute of an specific hour on a specific day. |