Fortinet black logo

Cookbook

Home FortiGate / FortiOS 6.0.0 Cookbook

Creating the Automation stitches

6.0.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:830712
Download PDF

Creating the Automation stitches

  1. To create a new Automation that bans the IP address of a compromised host, go to Security Fabric > Automation and select Create New.

  2. Set FortiGate to All FortiGates.

  3. Set Trigger to Compromised Host. Set IOC level threshold to High.

  4. Set Action to IP Ban.

  5. Create a second Automation that sends an email alert when HA failover occurs.

  6. Set FortiGate to Edge-Primary, which is part of the only HA cluster in the Security Fabric.

  7. Set Trigger to HA Failover. Set Action to Email.

  8. Set the Email subject and email address.

Previous
Next

Related Videos

sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,383 views
  • 5 years ago

Creating the Automation stitches

  1. To create a new Automation that bans the IP address of a compromised host, go to Security Fabric > Automation and select Create New.

  2. Set FortiGate to All FortiGates.

  3. Set Trigger to Compromised Host. Set IOC level threshold to High.

  4. Set Action to IP Ban.

  5. Create a second Automation that sends an email alert when HA failover occurs.

  6. Set FortiGate to Edge-Primary, which is part of the only HA cluster in the Security Fabric.

  7. Set Trigger to HA Failover. Set Action to Email.

  8. Set the Email subject and email address.

Previous
Next