Fortinet white logo
Fortinet white logo

Administration Guide

Slack Notification action

Slack Notification action

To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

To create an Incoming Webhook in Slack:
  1. Go to the Slack website, and create a workspace.

  2. Create a Slack application for the workspace.

  3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).

  4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

To configure an automation stitch with Slack Notification actions in the GUI:
  1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

  2. Enter the stitch name.

  3. Configure the Security Rating Summary trigger:

    1. Click Add Trigger.

    2. Click Create and select Security Rating Summary.

    3. Name

      auto-rating

      Report

      Security Posture

      Enter the following:

    4. Click OK.

    5. Select the trigger in the list and click Apply.

  4. Configure the first Slack Notification action:

    1. Click Add Action.

    2. Click Create and select Slack Notification.

    3. Enter the following:

      Name

      slack1

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      This is test for slack notification.

    4. Click OK.

    5. Select the action in the list and click Apply.

  5. Configure the second Slack Notification action:

    1. Click Add Action.

    2. Click Create and select Slack Notification.

    3. Enter the following:

      Name

      slack2

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.

    5. Select the action in the list and click Apply.

    6. Click the Add delay located between both actions. Enter 90 and click OK.

  6. Click OK.

  7. Trigger the automation stitch:

    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiProxy. The two notifications are sent to the Slack channel.

To configure an automation stitch with Slack Notification actions in the CLI:
  1. Configure the automation trigger:

    config system automation-trigger
        edit "auto-rating"
            set event-type security-rating-summary
        next
    end
  2. Configure the automation actions:

    config system automation-action
        edit "slack1"
            set action-type slack-notification
            set message "This is test for slack notification."
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
        edit "slack2"
            set action-type slack-notification
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
    end
  3. Configure the automation stitch:

    config system automation-stitch
        edit "auto_rating"
            set trigger "auto-rating"
            config actions
                edit 1
                    set action "slack1"
                    set required enable
                next
                edit 2
                    set action "slack2"
                    set delay 90
                    set required enable
                next
            end
        next
    end
  4. Verify that the automation action was triggered:

    # diagnose test application autod 3
    stitch: auto-rating 
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Tue Sep 13 11:34:56 2022
        last relay:
        actions:
            slack1:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Tue Sep 13 11:34:56 2022
                last relay:
            slack2:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Tue Sep 13 11:34:56 2022
                last relay:

Slack Notification action

Slack Notification action

To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

To create an Incoming Webhook in Slack:
  1. Go to the Slack website, and create a workspace.

  2. Create a Slack application for the workspace.

  3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).

  4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

To configure an automation stitch with Slack Notification actions in the GUI:
  1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

  2. Enter the stitch name.

  3. Configure the Security Rating Summary trigger:

    1. Click Add Trigger.

    2. Click Create and select Security Rating Summary.

    3. Name

      auto-rating

      Report

      Security Posture

      Enter the following:

    4. Click OK.

    5. Select the trigger in the list and click Apply.

  4. Configure the first Slack Notification action:

    1. Click Add Action.

    2. Click Create and select Slack Notification.

    3. Enter the following:

      Name

      slack1

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      This is test for slack notification.

    4. Click OK.

    5. Select the action in the list and click Apply.

  5. Configure the second Slack Notification action:

    1. Click Add Action.

    2. Click Create and select Slack Notification.

    3. Enter the following:

      Name

      slack2

      URL

      Paste the webhook URL from the clipboard

      Message

      Text

      Message text

      %%log%%

    4. Click OK.

    5. Select the action in the list and click Apply.

    6. Click the Add delay located between both actions. Enter 90 and click OK.

  6. Click OK.

  7. Trigger the automation stitch:

    1. Right-click the automation stitch and select Test Automation Stitch.

      After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiProxy. The two notifications are sent to the Slack channel.

To configure an automation stitch with Slack Notification actions in the CLI:
  1. Configure the automation trigger:

    config system automation-trigger
        edit "auto-rating"
            set event-type security-rating-summary
        next
    end
  2. Configure the automation actions:

    config system automation-action
        edit "slack1"
            set action-type slack-notification
            set message "This is test for slack notification."
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
        edit "slack2"
            set action-type slack-notification
            set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
        next
    end
  3. Configure the automation stitch:

    config system automation-stitch
        edit "auto_rating"
            set trigger "auto-rating"
            config actions
                edit 1
                    set action "slack1"
                    set required enable
                next
                edit 2
                    set action "slack2"
                    set delay 90
                    set required enable
                next
            end
        next
    end
  4. Verify that the automation action was triggered:

    # diagnose test application autod 3
    stitch: auto-rating 
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Tue Sep 13 11:34:56 2022
        last relay:
        actions:
            slack1:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Tue Sep 13 11:34:56 2022
                last relay:
            slack2:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Tue Sep 13 11:34:56 2022
                last relay: