ITSM connectors
You can use the Active Connectors tab to create the following types of ITSM connectors:
- MS Teams
- ServiceNow
- Slack
- Webhook, a generic connector
You can create ITSM connectors for ServiceNow, Slack, MS Teams, and Webhook.
To create an ITSM connector:
- Go to Incidents & Events > Automation > Active Connectors, and click Create New.
- Under ITSM, select one of the available connector types.
- Configure the following options, and click OK:
Property | Description |
---|---|
Name | Type a name for the fabric connector. |
Description | (Optional) Type a description for the fabric connector. |
Protocol | Select HTTPS. For Slack connectors and Generic connectors, you can also select HTTP. |
Port | Specify the port FortiAnalyzer uses to communicate with the external platform. |
Method | Select POST. For Slack connectors and Generic connectors, you can also select PUT. |
Title | Type a title for the fabric connector. |
URL | Type the URL of the external platform. This option is not available for the MS Teams Connector. Using ServiceNow as an example, copy and paste the URL from ServiceNow API URL in the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties. |
Teams Webhook URL | Type the incoming webhook URL created in MS Teams. This option is only available for the MS Teams Connector. |
HTTP Authentication | Enable or disable HTTP authentication. This option is not available for the MS Teams Connector. If enabled, select Basic or OAuth2 authentication type. Using ServiceNow with Basic authentication as an example, enter the username and password from the Connection to ServiceNow API section in ServiceNow > FortiAnalyzer System Properties. Using Webhook Connector with OAuth2 authentication as an example, enter the URL of the token service as well as the client ID and client secret for authentication. |
HTTP Body | Type the HTTP body of the message that should be sent in MS Teams by the connector. This option is only available for the MS Teams Connector. For example, { "text": "<message to send>" }. You can also use ${} for macros in the message. For a list of supported macros, see Supported macros for the MS Teams Connector. |
Status | Enable or disable the fabric connector. |
To use a generic connector:
Generic webhook connectors can be used to send notifications about incidents and events. After it is created, the connector can be added in the incident settings or in notification profiles for event handlers.
To use a ServiceNow connector:
ServiceNow connectors can be used to post incident change notices. After it is created, the ServiceNow connector can be added in the incident settings or as part of a playbook.
To use a Slack connector:
Slack connectors can be used to send messages in Slack about incidents and events. After it is created, the Slack connector can be added in the incident settings or notification profiles for event handlers.
To use an MS Teams connector:
MS Teams connectors can be used to send messages in MS Teams about incidents and events. After it is created, the MS Teams connector can be added in the incident settings, notification profiles for event handlers, or as part of a playbook.
To edit an ITSM connector:
- Go to Incidents & Events > Automation > Active Connectors.
- Select an ITSM connector, and click Edit.
The Edit Connectors pane displays.
- Edit the settings, and click OK.
Supported macros for the MS Teams Connector
Category | Variable | Macro | Description |
---|---|---|---|
Global | type | ${type} | Notification type |
Global | adom | ${adom} | ADOM name |
Global | from | ${from} | FAZ SN |
Global | timestamp | ${timestamp} | Notification timestamp |
Event | event | ${event} | All event fields |
Event | eventid | ${event.eventid} | Event ID |
Event | alertid | ${event.alertid} | Alert ID (same as eventid; the name is consistent with the previous notification format) |
Event | logtype | ${event.logtype} | Log type |
Event | devtype | ${event.devtype} | Device type |
Event | eventtime | ${event.eventtime} | Event time |
Event | alerttime | ${event.alerttime} | Alert time (same as eventtime; the name is consistent with the previous notification format) |
Event | firstlogtime | ${event.firstlogtime} | First log time |
Event | lastlogtime | ${event.lastlogtime} | Last log time |
Event | devid | ${event.devid} | Device ID |
Event | devname | ${event.devname} | Device name |
Event | eventtype | ${event.eventtype} | Event type |
Event | groupby1 | ${event.groupby1} | groupby1 |
Event | groupby2 | ${event.groupby2} | groupby2 |
Event | groupby3 | ${event.groupby3} | groupby3 |
Event | indicator | ${event.indicator} | indicator |
Event | severity | ${event.severity} | severity |
Event | subject | ${event.subject} | subject |
Event | tag | ${event.tag} | tag |
Event | triggername | ${event.triggername} | Trigger name |
Event | vdom | ${event.vdom} | vdom |
Event | epid | ${event.epid} | epid |
Event | euid | ${event.euid} | euid |
Event | epip | ${event.epip} | epip |
Event | epname | ${event.epname} | epname |
Event | euname | ${event.euname} | euname |
Event | extrainfo | ${event.extrainfo} | Additional info |
Event | log-length | ${event.log-length} | Log length |
Event | log-detail | ${event.log-detail} | Log detail |
Incident | incident | ${incident} | All incident fields |
Incident | incid | ${incident.incid} | Incident ID |
Incident | type | ${incident.type} | Notification type |
Incident | revision | ${incident.revision} | revision |
Incident | attach_revision | ${incident.attach_revision} | attach revision |
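
A pre-flight check for an MS Teams connector HTTP Body template, added here as an example (it is not Fortinet code): it reports macros that are not in the table above, a malformed ${, and bodies that are not valid JSON. It assumes macros are placed inside JSON string values; lint_body and the sample template are hypothetical names and data made up for illustration.

```python
import json
import re

# Macro names from the "Supported macros for the MS Teams Connector" table.
TOP_LEVEL = {"type", "adom", "from", "timestamp", "event", "incident"}
FIELDS = {
    "event": {
        "eventid", "alertid", "logtype", "devtype", "eventtime", "alerttime",
        "firstlogtime", "lastlogtime", "devid", "devname", "eventtype",
        "groupby1", "groupby2", "groupby3", "indicator", "severity", "subject",
        "tag", "triggername", "vdom", "epid", "euid", "epip", "epname",
        "euname", "extrainfo", "log-length", "log-detail",
    },
    "incident": {"incid", "type", "revision", "attach_revision"},
}
# A well-formed macro: ${name} with no braces, quotes or whitespace in name.
MACRO_RE = re.compile(r'\$\{([^{}"\s]*)\}')


def is_supported(name):
    """True if name (the text between ${ and }) appears in the macro table."""
    if name in TOP_LEVEL:
        return True
    prefix, _, field = name.partition(".")
    return field in FIELDS.get(prefix, set())


def lint_body(template):
    """Return a list of problems in an MS Teams connector HTTP Body template."""
    problems = [f"unsupported macro: ${{{m}}}"
                for m in MACRO_RE.findall(template) if not is_supported(m)]
    # Replace each well-formed macro with a harmless token; any "${" left over
    # was malformed or never closed with "}".
    probe = MACRO_RE.sub("MACRO", template)
    if "${" in probe:
        problems.append("malformed or unterminated ${ in template")
    # Assumption: macros sit inside JSON string values, so the body must still
    # parse as JSON once every macro is replaced by plain text.
    try:
        json.loads(probe)
    except json.JSONDecodeError as exc:
        problems.append(f"not valid JSON: {exc.msg}")
    return problems


if __name__ == "__main__":
    # Constructed sample template, not taken from a live configuration.
    sample = '{ "text": "[${event.severity}] ${event.subject} on ${event.devname}" }'
    print(lint_body(sample) or "template OK")
```

An empty list means the template uses only listed macros and is structurally valid JSON; it does not show how FortiAnalyzer renders the values at send time.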