Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiWeb 7.4.2 Administration Guide
    7.4.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Automation

    Automation

    Automation stitches pair a trigger with one or more response actions to allow FortiWeb to automatically respond with the action(s) once the trigger condition is met.

    From the Security Fabric > Automation page, you can create an automation stitch by selecting a Trigger event type and the corresponding Action that you would like to automate.

    FortiWeb supports three event types and one response actions for automation.

    • Triggers: Reboot, Low memory, HA, Event log

    • Actions: CLI Script.

    To create an automation using stitches, you need to follow these steps:

    1. Create a Trigger: Define the event that will initiate the automation. See Creating a trigger.
    2. Set up an Action Resource: Specify the action you want the system to perform when the trigger is activated. This could be sending an email or running a CLI script. See Creating an action.
    3. Create an Action: Combine the previously defined action resource with additional details, if necessary, to fully describe what the automation should do when triggered. See Creating an action.
    4. Stitch Everything Together: Integrate the trigger and action you've created into a stitch. This step effectively binds the trigger event with the specified action. See Creating a stitch.
    Creating a trigger

    Certain events can trigger the system to take corresponding actions. You can define the trigger events or use the pre-defined triggers including low memory, HA failover, and reboot.

    1. Go to Security Fabric > Automation.
    2. Select the Trigger tab.
    3. Click Create New to display the configuration editor.
    4. Select the trigger type. FortiWeb supports four types of triggers:
      • System: Reboot, Low memory, HA.

      • Miscellaneous: FortiWeb Event log.

      System
      RebootThe system reboots.
      Low memoryAvailable memory is less than 100 MB.
      HAHA fail-over occurs.
      Miscellaneous
      FortiWeb Event LogThe system prints certain even logs.
    5. If you have selected one of the system triggers, enter a name and description for the trigger.
    6. If you have selected FortiWeb Event Log, enter a name and description for the trigger. Then configure the following options to define the event log.
      • Click the Add icon beside the Event field, then select the type of the event log.
      • Click the Add icon beside the Field filters, then enter the field name and value to narrow down to specific event logs.
        The available field names are Action, Date/Time, Level, Message, User Interface, Log ID, MSG ID, Status, Sub Type, and User.
        To find the appropriate values for the specified field, you can try add a filter in Log&Report > Log Access > Event with the desired log field name and then check its values.


    7. Click OK.
    Creating an action
    1. Go to Security Fabric > Automation.
    2. Select the Action resources tab.
    3. Click Create New under either Email or CLI Script.

      4. For the Email action, perform the following steps:

      1. Enter a name for the action resource.
      2. Enter the subject of the email to be sent.
      3. Enter the email body. Simple string and two parameters are supported:
        1. %%log%%: All fields from the log event triggering this stitch.
        2. %%results%%:The complete result from previous action, such as CLI script.
      4. Select the email policy. For more information, see "Configuring email settings" in Alert email.
      5. Click OK.

      For the CLI Script action, perform the following steps:

      1. Enter a name for the action resource.
      2. Enter the CLI scripts to be run. You can enter multiple CLI commands.
      3. Click OK.
    4. Select the Action tab.
    5. Click Create New.
    6. Enter a name for the action.
    7. Enter a description for the action.
    8. Select the type of actions resource you want to add in this action.
    9. Select the action resource you have created in the tabAction Resources.
    10. Click OK.
    Creating a stitch

    Integrate the trigger and action you've created into a stitch.

    1. Go to Security Fabric > Automation.
    2. Select the Stitch tab.
    3. Click Create New.
    4. Enter a name for the stitch.
    5. Select whether to enable or disable this stitch.
    6. Enter a description for the stitch.
    7. Click Add Trigger, select the trigger you have created in the Trigger tab, or the pre-defined triggers, then click Apply.
    8. Click Add Action, select the action to take when the trigger event occurs, then click Apply. You can add multiple actions for a stitch.
    9. Click OK.

    Previous
    Next

    Automation

    Automation

    Automation stitches pair a trigger with one or more response actions to allow FortiWeb to automatically respond with the action(s) once the trigger condition is met.

    From the Security Fabric > Automation page, you can create an automation stitch by selecting a Trigger event type and the corresponding Action that you would like to automate.

    FortiWeb supports three event types and one response actions for automation.

    • Triggers: Reboot, Low memory, HA, Event log

    • Actions: CLI Script.

    To create an automation using stitches, you need to follow these steps:

    1. Create a Trigger: Define the event that will initiate the automation. See Creating a trigger.
    2. Set up an Action Resource: Specify the action you want the system to perform when the trigger is activated. This could be sending an email or running a CLI script. See Creating an action.
    3. Create an Action: Combine the previously defined action resource with additional details, if necessary, to fully describe what the automation should do when triggered. See Creating an action.
    4. Stitch Everything Together: Integrate the trigger and action you've created into a stitch. This step effectively binds the trigger event with the specified action. See Creating a stitch.
    Creating a trigger

    Certain events can trigger the system to take corresponding actions. You can define the trigger events or use the pre-defined triggers including low memory, HA failover, and reboot.

    1. Go to Security Fabric > Automation.
    2. Select the Trigger tab.
    3. Click Create New to display the configuration editor.
    4. Select the trigger type. FortiWeb supports four types of triggers:
      • System: Reboot, Low memory, HA.

      • Miscellaneous: FortiWeb Event log.

      System
      RebootThe system reboots.
      Low memoryAvailable memory is less than 100 MB.
      HAHA fail-over occurs.
      Miscellaneous
      FortiWeb Event LogThe system prints certain even logs.
    5. If you have selected one of the system triggers, enter a name and description for the trigger.
    6. If you have selected FortiWeb Event Log, enter a name and description for the trigger. Then configure the following options to define the event log.
      • Click the Add icon beside the Event field, then select the type of the event log.
      • Click the Add icon beside the Field filters, then enter the field name and value to narrow down to specific event logs.
        The available field names are Action, Date/Time, Level, Message, User Interface, Log ID, MSG ID, Status, Sub Type, and User.
        To find the appropriate values for the specified field, you can try add a filter in Log&Report > Log Access > Event with the desired log field name and then check its values.


    7. Click OK.
    Creating an action
    1. Go to Security Fabric > Automation.
    2. Select the Action resources tab.
    3. Click Create New under either Email or CLI Script.

      4. For the Email action, perform the following steps:

      1. Enter a name for the action resource.
      2. Enter the subject of the email to be sent.
      3. Enter the email body. Simple string and two parameters are supported:
        1. %%log%%: All fields from the log event triggering this stitch.
        2. %%results%%:The complete result from previous action, such as CLI script.
      4. Select the email policy. For more information, see "Configuring email settings" in Alert email.
      5. Click OK.

      For the CLI Script action, perform the following steps:

      1. Enter a name for the action resource.
      2. Enter the CLI scripts to be run. You can enter multiple CLI commands.
      3. Click OK.
    4. Select the Action tab.
    5. Click Create New.
    6. Enter a name for the action.
    7. Enter a description for the action.
    8. Select the type of actions resource you want to add in this action.
    9. Select the action resource you have created in the tabAction Resources.
    10. Click OK.
    Creating a stitch

    Integrate the trigger and action you've created into a stitch.

    1. Go to Security Fabric > Automation.
    2. Select the Stitch tab.
    3. Click Create New.
    4. Enter a name for the stitch.
    5. Select whether to enable or disable this stitch.
    6. Enter a description for the stitch.
    7. Click Add Trigger, select the trigger you have created in the Trigger tab, or the pre-defined triggers, then click Apply.
    8. Click Add Action, select the action to take when the trigger event occurs, then click Apply. You can add multiple actions for a stitch.
    9. Click OK.

    Previous
    Next