Fortinet white logo
Fortinet white logo

CLI Reference

config system automation-trigger

config system automation-trigger

Trigger for automation stitches.

config system automation-trigger
    Description: Trigger for automation stitches.
    edit <name>
        set event-type [ioc|event-log|...]
        set faz-event-name {var-string}
        set faz-event-severity {var-string}
        set faz-event-tags {var-string}
        config fields
            Description: Customized trigger field settings.
            edit <id>
                set name {string}
                set value {var-string}
            next
        end
        set ioc-level [medium|high]
        set license-type [forticare-support|fortiguard-webfilter|...]
        set logid {integer}
        set report-type [PostureReport|CoverageReport|...]
        set trigger-day {integer}
        set trigger-frequency [hourly|daily|...]
        set trigger-hour {integer}
        set trigger-minute {integer}
        set trigger-type [event-based|scheduled]
        set trigger-weekday [sunday|monday|...]
    next
end

config system automation-trigger

Parameter

Description

Type

Size

Default

event-type

Event type.

option

-

ioc

Option

Description

ioc

Indicator of compromise detected.

event-log

Use log ID as trigger.

reboot

Device reboot.

low-memory

Conserve mode due to low memory.

high-cpu

High CPU usage.

license-near-expiry

License near expiration date.

ha-failover

HA failover.

config-change

Configuration change.

security-rating-summary

Security rating summary.

virus-ips-db-updated

Virus and IPS database updated.

faz-event

FortiAnalyzer event.

incoming-webhook

Incoming webhook call.

faz-event-name

FortiAnalyzer event handler name.

var-string

Maximum length: 255

faz-event-severity

FortiAnalyzer event severity.

var-string

Maximum length: 255

faz-event-tags

FortiAnalyzer event tags.

var-string

Maximum length: 255

ioc-level

IOC threat level.

option

-

high

Option

Description

medium

IOC level medium and high.

high

IOC level high only.

license-type

License type.

option

-

forticare-support

Option

Description

forticare-support

FortiCare support license.

fortiguard-webfilter

FortiGuard web filter license.

fortiguard-antispam

FortiGuard antispam license.

fortiguard-antivirus

FortiGuard AntiVirus license.

fortiguard-ips

FortiGuard IPS license.

fortiguard-management

FortiGuard management service license.

forticloud

FortiCloud license.

any

Any license.

logid

Log ID to trigger event.

integer

Minimum value: 1 Maximum value: 65535

0

name

Name.

string

Maximum length: 35

report-type

Security Rating report.

option

-

PostureReport

Option

Description

PostureReport

Posture Report.

CoverageReport

Coverage Report.

OptimizationReport

Optimization Report

trigger-day

Day within a month to trigger.

integer

Minimum value: 1 Maximum value: 31

1

trigger-frequency

Scheduled trigger frequency.

option

-

daily

Option

Description

hourly

Run hourly.

daily

Run daily.

weekly

Run weekly.

monthly

Run monthly.

trigger-hour

Hour of the day on which to trigger.

integer

Minimum value: 0 Maximum value: 23

0

trigger-minute

Minute of the hour on which to trigger.

integer

Minimum value: 0 Maximum value: 59

0

trigger-type

Trigger type.

option

-

event-based

Option

Description

event-based

Event based trigger.

scheduled

Scheduled trigger.

trigger-weekday

Day of week for trigger.

option

-

Option

Description

sunday

Sunday.

monday

Monday.

tuesday

Tuesday.

wednesday

Wednesday.

thursday

Thursday.

friday

Friday.

saturday

Saturday.

config fields

Parameter

Description

Type

Size

Default

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

name

Name.

string

Maximum length: 35

value

Value.

var-string

Maximum length: 63

config system automation-trigger

config system automation-trigger

Trigger for automation stitches.

config system automation-trigger
    Description: Trigger for automation stitches.
    edit <name>
        set event-type [ioc|event-log|...]
        set faz-event-name {var-string}
        set faz-event-severity {var-string}
        set faz-event-tags {var-string}
        config fields
            Description: Customized trigger field settings.
            edit <id>
                set name {string}
                set value {var-string}
            next
        end
        set ioc-level [medium|high]
        set license-type [forticare-support|fortiguard-webfilter|...]
        set logid {integer}
        set report-type [PostureReport|CoverageReport|...]
        set trigger-day {integer}
        set trigger-frequency [hourly|daily|...]
        set trigger-hour {integer}
        set trigger-minute {integer}
        set trigger-type [event-based|scheduled]
        set trigger-weekday [sunday|monday|...]
    next
end

config system automation-trigger

Parameter

Description

Type

Size

Default

event-type

Event type.

option

-

ioc

Option

Description

ioc

Indicator of compromise detected.

event-log

Use log ID as trigger.

reboot

Device reboot.

low-memory

Conserve mode due to low memory.

high-cpu

High CPU usage.

license-near-expiry

License near expiration date.

ha-failover

HA failover.

config-change

Configuration change.

security-rating-summary

Security rating summary.

virus-ips-db-updated

Virus and IPS database updated.

faz-event

FortiAnalyzer event.

incoming-webhook

Incoming webhook call.

faz-event-name

FortiAnalyzer event handler name.

var-string

Maximum length: 255

faz-event-severity

FortiAnalyzer event severity.

var-string

Maximum length: 255

faz-event-tags

FortiAnalyzer event tags.

var-string

Maximum length: 255

ioc-level

IOC threat level.

option

-

high

Option

Description

medium

IOC level medium and high.

high

IOC level high only.

license-type

License type.

option

-

forticare-support

Option

Description

forticare-support

FortiCare support license.

fortiguard-webfilter

FortiGuard web filter license.

fortiguard-antispam

FortiGuard antispam license.

fortiguard-antivirus

FortiGuard AntiVirus license.

fortiguard-ips

FortiGuard IPS license.

fortiguard-management

FortiGuard management service license.

forticloud

FortiCloud license.

any

Any license.

logid

Log ID to trigger event.

integer

Minimum value: 1 Maximum value: 65535

0

name

Name.

string

Maximum length: 35

report-type

Security Rating report.

option

-

PostureReport

Option

Description

PostureReport

Posture Report.

CoverageReport

Coverage Report.

OptimizationReport

Optimization Report

trigger-day

Day within a month to trigger.

integer

Minimum value: 1 Maximum value: 31

1

trigger-frequency

Scheduled trigger frequency.

option

-

daily

Option

Description

hourly

Run hourly.

daily

Run daily.

weekly

Run weekly.

monthly

Run monthly.

trigger-hour

Hour of the day on which to trigger.

integer

Minimum value: 0 Maximum value: 23

0

trigger-minute

Minute of the hour on which to trigger.

integer

Minimum value: 0 Maximum value: 59

0

trigger-type

Trigger type.

option

-

event-based

Option

Description

event-based

Event based trigger.

scheduled

Scheduled trigger.

trigger-weekday

Day of week for trigger.

option

-

Option

Description

sunday

Sunday.

monday

Monday.

tuesday

Tuesday.

wednesday

Wednesday.

thursday

Thursday.

friday

Friday.

saturday

Saturday.

config fields

Parameter

Description

Type

Size

Default

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

name

Name.

string

Maximum length: 35

value

Value.

var-string

Maximum length: 63