Handbook

Triggers

6.0.0

Triggers

You can configure FortiOS to automatically respond to the following trigger events: IOC, event log, reboot, conserve mode, high CPU, license expiry, HA failover, and configuration changes. The following table provides more information about the trigger event list.

| Trigger | Description |
| --- | --- |
| Compromised Host | An indicator of compromise (IOC) is detected on a host endpoint. If you configure a Compromised Host trigger, you must also set the IOC level threshold to Medium or High. If you set this to Medium, both medium and high threshold attacks trigger an action. The additional Action options are Access Layer Quarantine, Quarantine FortiClient via EMS, and IP Ban. |
| Security Rating Summary | A summary is available for a recently run Security Rating. |
| Configuration Change | There is a FortiGate configuration change. |
| Reboot | A FortiGate reboot occurs. |
| License Expiry | A FortiGuard license is expiring. You must select which type of license you want to be notified about if it expires: FortiCare Support, FortiGuard Web Filter, FortiGuard AntiSpam, FortiGuard AntiVirus, FortiGuard IPS, FortiGuard Management Service, and FortiCloud. |
| HA Failover | HA failover occurs. |
| AV & IPS DB Update | The antivirus and IPS database is updated. |
| Event Log | A FortiGate log with a specific event ID occurs. If you configure an Event Log trigger, you must also enter a Log ID. |
| Conserve Mode | A FortiGate enters conserve mode due to low memory. See CPU and memory thresholds for information on customizing memory use thresholds. |
| High CPU | A FortiGate has high CPU usage. See CPU and memory thresholds for information on customizing the CPU use threshold. |
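
An added example, not part of the Fortinet handbook: a short Python lint that checks trigger definitions for the extra settings the table requires and models the Medium/High IOC threshold. The dictionary keys and the sample definitions are hypothetical and are not FortiOS configuration syntax.

```python
# Added example: lint trigger definitions against the trigger table above.
# The dict keys (name, type, ioc_level, license_type, log_id) are hypothetical.
IOC_RANK = {"Medium": 1, "High": 2}
LICENSE_TYPES = {
    "FortiCare Support", "FortiGuard Web Filter", "FortiGuard AntiSpam",
    "FortiGuard AntiVirus", "FortiGuard IPS", "FortiGuard Management Service",
    "FortiCloud",
}
# Trigger type -> (extra setting the table requires, allowed values or None if free-form)
EXTRA = {
    "Compromised Host": ("ioc_level", set(IOC_RANK)),
    "License Expiry": ("license_type", LICENSE_TYPES),
    "Event Log": ("log_id", None),
}
TRIGGER_TYPES = set(EXTRA) | {
    "Security Rating Summary", "Configuration Change", "Reboot",
    "HA Failover", "AV & IPS DB Update", "Conserve Mode", "High CPU",
}

def lint_trigger(trigger):
    """Return a list of problems with one trigger definition (empty if none)."""
    ttype = trigger.get("type")
    if ttype not in TRIGGER_TYPES:
        return [f"unknown trigger type {ttype!r}"]
    if ttype not in EXTRA:
        return []  # this trigger needs no extra setting
    field, allowed = EXTRA[ttype]
    value = trigger.get(field)
    if value in (None, ""):
        return [f"{ttype}: {field} is required"]
    if allowed is not None and value not in allowed:
        return [f"{ttype}: {field} {value!r} not one of {sorted(allowed)}"]
    return []

def ioc_fires(threshold, detected):
    """Medium threshold fires on medium and high detections; High only on high."""
    return IOC_RANK[detected] >= IOC_RANK[threshold]

# Constructed sample definitions, not taken from a real device.
SAMPLE = [
    {"name": "quarantine-ioc", "type": "Compromised Host", "ioc_level": "Medium"},
    {"name": "ioc-no-level", "type": "Compromised Host"},
    {"name": "av-license", "type": "License Expiry", "license_type": "FortiGuard AntiVirus"},
    {"name": "log-watch", "type": "Event Log", "log_id": ""},
]

def lint_all(triggers):
    """Map trigger name -> problems, listing only triggers that have problems."""
    return {t["name"]: errs for t in triggers if (errs := lint_trigger(t))}
```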
