
Administration Guide

Default automation stitches

Default automation stitches

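The following default automation stitches are included in FortiProxy: Compromised Host Quarantine, Network Down, HA Failover, Incoming Webhook Quarantine, and Reboot. Each one is set to status disable in the CLI listings below, so it does nothing until an administrator enables it.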

To view and edit the automation stitches in the GUI, go to Security Fabric > Automation and select the Stitch tab.

CLI configurations

Compromised Host Quarantine

# Action: quarantines a FortiClient EMS endpoint (action-type quarantine-forticlient).
# The same action name is used by the Incoming Webhook Quarantine listing on this page,
# so an edit made here applies to both stitches.
config system automation-action
    edit "Quarantine FortiClient EMS Endpoint"
        set description "Default automation action configuration for quarantining a FortiClient EMS endpoing device."
        set action-type quarantine-forticlient
    next
end
# Trigger: this listing sets only a description; no event-type or severity is shown.
# NOTE(review): presumably the "high severity compromised host" condition comes from
# default values that the listing omits - confirm with "show full-configuration" on the device.
config system automation-trigger
    edit "Compromised Host - High"
        set description "Default automation trigger configuration for when a high severity compromised host is detected."
    next
end
# Stitch: binds the trigger above to the quarantine action as action 1.
# It is shipped with "status disable", so no endpoint is quarantined until it is enabled.
# NOTE(review): once enabled, quarantine happens without an operator in the loop; a false
# positive isolates a legitimate endpoint, so agree on who reviews and releases quarantined hosts.
config system automation-stitch
    edit "Compromised Host Quarantine"
        set description "Default automation stitch to quarantine a high severity compromised host on FortiClient EMS."
        set status disable
        set trigger "Compromised Host - High"
        config actions
            edit 1
                set action "Quarantine FortiClient EMS Endpoint"
            next
        end
    next
end

Network Down

# Action: sends an email; the subject is the %%log.logdesc%% placeholder
# (presumably replaced by the description of the triggering log - confirm).
# NOTE(review): no recipient (email-to) appears in this listing; check that one is
# configured before relying on this notification.
# "Default Email" is also used by the HA Failover and Reboot listings on this page,
# so an edit made here applies to all three stitches.
config system automation-action
     edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-subject "%%log.logdesc%%"
    next
end
# Trigger: event-log type, matching log ID 20099 with the field filter status = "DOWN".
# event-type is set before logid; keep that order when copying the listing.
config system automation-trigger
    edit "Network Down"
        set description "Default automation trigger configuration for when a network connection goes down."
        set event-type event-log
        set logid 20099
        config fields
            edit 1
                set name "status"
                set value "DOWN"
            next
        end
    next
end
# Stitch: binds the "Network Down" trigger to the "Default Email" action as action 1.
# It is shipped with "status disable", so no email is sent until it is enabled.
config system automation-stitch
    edit "Network Down"
        set description "Default automation stitch to send an email when a network goes down."
        set status disable
        set trigger "Network Down"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end

HA Failover

# Action: sends an email; the subject is the %%log.logdesc%% placeholder
# (presumably replaced by the description of the triggering log - confirm).
# NOTE(review): no recipient (email-to) appears in this listing; check that one is
# configured before relying on this notification.
# "Default Email" is also used by the Network Down and Reboot listings on this page,
# so an edit made here applies to all three stitches.
config system automation-action
    edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-subject "%%log.logdesc%%"
    next
end
# Trigger: uses the dedicated ha-failover event type; no further filter is set.
config system automation-trigger
    edit "HA Failover"
        set description "Default automation trigger configuration for when an HA failover occurs."
        set event-type ha-failover
    next
end
# Stitch: binds the "HA Failover" trigger to the "Default Email" action as action 1.
# It is shipped with "status disable", so a failover goes unreported by email until it is enabled.
config system automation-stitch
    edit "HA Failover"
        set description "Default automation stitch to send an email when a HA failover is detected."
        set status disable
        set trigger "HA Failover"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end

Incoming Webhook Quarantine

# Action: quarantines a FortiClient EMS endpoint (action-type quarantine-forticlient).
# The same action name is used by the Compromised Host Quarantine listing on this page,
# so an edit made here applies to both stitches.
config system automation-action
    edit "Quarantine FortiClient EMS Endpoint"
        set description "Default automation action configuration for quarantining a FortiClient EMS endpoing device."
        set action-type quarantine-forticlient
    next
end
# Trigger: fires on an incoming webhook call (event-type incoming-webhook).
# NOTE(review): this listing does not show how the call is authenticated or which
# source addresses may make it - confirm before enabling the stitch.
config system automation-trigger
    edit "Incoming Webhook Call"
        set description "Default automation trigger configuration for an incoming webhook."
        set event-type incoming-webhook
    next
end
# Stitch: binds the webhook trigger to the quarantine action as action 1.
# It is shipped with "status disable".
# Per its description the MAC address to quarantine is provided by the caller, so once
# enabled, anyone able to invoke the webhook can isolate an endpoint. Limit and audit
# the credentials allowed to call it.
config system automation-stitch
    edit "Incoming Webhook Quarantine"
        set description "Default automation stitch to quarantine a provided MAC address on FortiClient EMS using an Incoming Webhook."
        set status disable
        set trigger "Incoming Webhook Call"
        config actions
            edit 1
                set action "Quarantine FortiClient EMS Endpoint"
            next
        end
    next
end

Reboot

# Action: sends an email; the subject is the %%log.logdesc%% placeholder
# (presumably replaced by the description of the triggering log - confirm).
# NOTE(review): no recipient (email-to) appears in this listing; check that one is
# configured before relying on this notification.
# "Default Email" is also used by the Network Down and HA Failover listings on this page,
# so an edit made here applies to all three stitches.
config system automation-action
    edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-subject "%%log.logdesc%%"
    next
end
# Trigger: uses the dedicated reboot event type; no further filter is set.
config system automation-trigger
    edit "Reboot"
        set description "Default automation trigger configuration for when a FortiProxy is rebooted."
        set event-type reboot
    next
end
# Stitch: binds the "Reboot" trigger to the "Default Email" action as action 1.
# It is shipped with "status disable", so a reboot goes unreported by email until it is enabled.
config system automation-stitch
    edit "Reboot"
        set description "Default automation stitch to send an email when a FortiProxy is rebooted."
        set status disable
        set trigger "Reboot"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end

Default automation stitches

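The following default automation stitches are included in FortiProxy: Compromised Host Quarantine, Network Down, HA Failover, Incoming Webhook Quarantine, and Reboot. Each one is set to status disable in the CLI listings below, so it does nothing until an administrator enables it.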

To view and edit the automation stitches in the GUI, go to Security Fabric > Automation and select the Stitch tab.

CLI configurations

Compromised Host Quarantine

# Action: quarantines a FortiClient EMS endpoint (action-type quarantine-forticlient).
# The same action name is used by the Incoming Webhook Quarantine listing on this page,
# so an edit made here applies to both stitches.
config system automation-action
    edit "Quarantine FortiClient EMS Endpoint"
        set description "Default automation action configuration for quarantining a FortiClient EMS endpoing device."
        set action-type quarantine-forticlient
    next
end
# Trigger: this listing sets only a description; no event-type or severity is shown.
# NOTE(review): presumably the "high severity compromised host" condition comes from
# default values that the listing omits - confirm with "show full-configuration" on the device.
config system automation-trigger
    edit "Compromised Host - High"
        set description "Default automation trigger configuration for when a high severity compromised host is detected."
    next
end
# Stitch: binds the trigger above to the quarantine action as action 1.
# It is shipped with "status disable", so no endpoint is quarantined until it is enabled.
# NOTE(review): once enabled, quarantine happens without an operator in the loop; a false
# positive isolates a legitimate endpoint, so agree on who reviews and releases quarantined hosts.
config system automation-stitch
    edit "Compromised Host Quarantine"
        set description "Default automation stitch to quarantine a high severity compromised host on FortiClient EMS."
        set status disable
        set trigger "Compromised Host - High"
        config actions
            edit 1
                set action "Quarantine FortiClient EMS Endpoint"
            next
        end
    next
end

Network Down

# Action: sends an email; the subject is the %%log.logdesc%% placeholder
# (presumably replaced by the description of the triggering log - confirm).
# NOTE(review): no recipient (email-to) appears in this listing; check that one is
# configured before relying on this notification.
# "Default Email" is also used by the HA Failover and Reboot listings on this page,
# so an edit made here applies to all three stitches.
config system automation-action
     edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-subject "%%log.logdesc%%"
    next
end
# Trigger: event-log type, matching log ID 20099 with the field filter status = "DOWN".
# event-type is set before logid; keep that order when copying the listing.
config system automation-trigger
    edit "Network Down"
        set description "Default automation trigger configuration for when a network connection goes down."
        set event-type event-log
        set logid 20099
        config fields
            edit 1
                set name "status"
                set value "DOWN"
            next
        end
    next
end
# Stitch: binds the "Network Down" trigger to the "Default Email" action as action 1.
# It is shipped with "status disable", so no email is sent until it is enabled.
config system automation-stitch
    edit "Network Down"
        set description "Default automation stitch to send an email when a network goes down."
        set status disable
        set trigger "Network Down"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end

HA Failover

# Action: sends an email; the subject is the %%log.logdesc%% placeholder
# (presumably replaced by the description of the triggering log - confirm).
# NOTE(review): no recipient (email-to) appears in this listing; check that one is
# configured before relying on this notification.
# "Default Email" is also used by the Network Down and Reboot listings on this page,
# so an edit made here applies to all three stitches.
config system automation-action
    edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-subject "%%log.logdesc%%"
    next
end
# Trigger: uses the dedicated ha-failover event type; no further filter is set.
config system automation-trigger
    edit "HA Failover"
        set description "Default automation trigger configuration for when an HA failover occurs."
        set event-type ha-failover
    next
end
# Stitch: binds the "HA Failover" trigger to the "Default Email" action as action 1.
# It is shipped with "status disable", so a failover goes unreported by email until it is enabled.
config system automation-stitch
    edit "HA Failover"
        set description "Default automation stitch to send an email when a HA failover is detected."
        set status disable
        set trigger "HA Failover"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end

Incoming Webhook Quarantine

# Action: quarantines a FortiClient EMS endpoint (action-type quarantine-forticlient).
# The same action name is used by the Compromised Host Quarantine listing on this page,
# so an edit made here applies to both stitches.
config system automation-action
    edit "Quarantine FortiClient EMS Endpoint"
        set description "Default automation action configuration for quarantining a FortiClient EMS endpoing device."
        set action-type quarantine-forticlient
    next
end
# Trigger: fires on an incoming webhook call (event-type incoming-webhook).
# NOTE(review): this listing does not show how the call is authenticated or which
# source addresses may make it - confirm before enabling the stitch.
config system automation-trigger
    edit "Incoming Webhook Call"
        set description "Default automation trigger configuration for an incoming webhook."
        set event-type incoming-webhook
    next
end
# Stitch: binds the webhook trigger to the quarantine action as action 1.
# It is shipped with "status disable".
# Per its description the MAC address to quarantine is provided by the caller, so once
# enabled, anyone able to invoke the webhook can isolate an endpoint. Limit and audit
# the credentials allowed to call it.
config system automation-stitch
    edit "Incoming Webhook Quarantine"
        set description "Default automation stitch to quarantine a provided MAC address on FortiClient EMS using an Incoming Webhook."
        set status disable
        set trigger "Incoming Webhook Call"
        config actions
            edit 1
                set action "Quarantine FortiClient EMS Endpoint"
            next
        end
    next
end

Reboot

# Action: sends an email; the subject is the %%log.logdesc%% placeholder
# (presumably replaced by the description of the triggering log - confirm).
# NOTE(review): no recipient (email-to) appears in this listing; check that one is
# configured before relying on this notification.
# "Default Email" is also used by the Network Down and HA Failover listings on this page,
# so an edit made here applies to all three stitches.
config system automation-action
    edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-subject "%%log.logdesc%%"
    next
end
# Trigger: uses the dedicated reboot event type; no further filter is set.
config system automation-trigger
    edit "Reboot"
        set description "Default automation trigger configuration for when a FortiProxy is rebooted."
        set event-type reboot
    next
end
# Stitch: binds the "Reboot" trigger to the "Default Email" action as action 1.
# It is shipped with "status disable", so a reboot goes unreported by email until it is enabled.
config system automation-stitch
    edit "Reboot"
        set description "Default automation stitch to send an email when a FortiProxy is rebooted."
        set status disable
        set trigger "Reboot"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end