Technical Tip: Use a FortiAnalyzer webhook to send alerts to Telegram
Description
This article describes how to send an alert message to the Telegram Application from FortiAnalyzer using the Generic Connector.

Scope
FortiAnalyzer v7.4, FortiAnalyzer v7.6.
Solution
Pre-requisites:
Make sure FortiAnalyzer can ping and resolve api.telegram.org.
FAZ # execute ping api.telegram.org
PING api.telegram.org (149.154.167.220): 56 data bytes
64 bytes from 149.154.167.220: seq=0 ttl=55 time=165.448 ms
64 bytes from 149.154.167.220: seq=1 ttl=55 time=163.866 ms
64 bytes from 149.154.167.220: seq=2 ttl=55 time=164.302 ms
64 bytes from 149.154.167.220: seq=3 ttl=55 time=164.730 ms
--- api.telegram.org ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 163.866/164.586/165.448 ms
- Create a Telegram bot and get the Bot Token.

- Create a Telegram group and add the bot created previously to the group. Take note of the group ID, which appears after the # in the group's URL, for example: web.telegram.org/k/#-4710103569.

- Create a webhook using the Generic Connector.
In v7.4.x, go to Fabric View -> Fabric Connectors -> Create New.
In v7.6.x, go to Incidents & Events -> Automation -> Active Connectors -> Create New.

 
In the URL field, enter 'api.telegram.org/bot<BOT TOKEN>/sendMessage', and in the HTTP Body field, enter '{"chat_id":"<GROUP ID>","text":"${event}"}'.
The ${event} macro in the text value can be replaced with other macros (see Configuring ITSM connectors).

- Add the created webhook to the Notification Profile.
In v7.4.x, go to Incidents & Events -> Handlers -> Notification Profiles -> Create New.
In v7.6.x, go to Incidents & Events -> Event Handlers -> Notification Profiles -> Create New.

- Create an event and add the notification profile to it.
In v7.4.x, go to Incidents & Events -> Handlers -> Basic Handlers -> Create New.
In v7.6.x, go to Incidents & Events -> Event Handlers -> Event Handlers -> Create New.

- Trigger the event and check that it appears in Event Monitor and in Telegram.

 

To debug and perform troubleshooting checks, use the following CLI commands:
diagnose debug application faznotify 8
diagnose debug timestamp enable
diagnose debug enable

To disable the debugging:
diagnose debug disable
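
To check the bot token and group ID independently of FortiAnalyzer, the following added example (not part of the original article and not Fortinet code) builds the same sendMessage request that the connector fields above describe and keeps the token out of anything it prints. The https:// scheme, the function names, the environment variable names and the sample message are assumptions made for this sketch.

```python
import json
import os
import re
import urllib.error
import urllib.request

API_HOST = "api.telegram.org"   # host named in the article
MAX_TEXT = 4096                 # Telegram's length limit for sendMessage text

def chat_id_from_web_url(url):
    """Return the group ID from a Telegram Web URL fragment, keeping the minus sign."""
    m = re.search(r"#(-?\d+)$", url.strip())
    if not m:
        raise ValueError("no numeric group ID after '#'")
    return m.group(1)

def build_request(bot_token, chat_id, event_text):
    """Build the POST the connector is configured to send (https:// is an assumption)."""
    url = f"https://{API_HOST}/bot{bot_token}/sendMessage"
    # json.dumps escapes quotes and newlines in the event text, so the body stays valid JSON.
    body = json.dumps({"chat_id": chat_id, "text": event_text[:MAX_TEXT]})
    return urllib.request.Request(url, data=body.encode("utf-8"), method="POST",
                                  headers={"Content-Type": "application/json"})

def redact(text, bot_token):
    """The token sits in the URL path, so strip it before logging anything."""
    return text.replace(bot_token, "<BOT TOKEN>")

def send(req, bot_token, timeout=10):
    """Send the request; return (ok, description) taken from Telegram's JSON reply."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            reply = json.load(resp)
    except urllib.error.HTTPError as err:       # e.g. wrong token or unknown chat
        try:
            reply = json.loads(err.read())
        except ValueError:                      # non-JSON error page from a proxy
            reply = {"description": f"HTTP {err.code}"}
    return bool(reply.get("ok")), redact(str(reply.get("description", "")), bot_token)

if __name__ == "__main__":
    token = os.environ["TG_BOT_TOKEN"]          # hypothetical variable names
    chat = chat_id_from_web_url(os.environ["TG_GROUP_URL"])
    req = build_request(token, chat, "FortiAnalyzer webhook test (constructed message)")
    print(redact(req.full_url, token), send(req, token))
```

Because the bot token is part of the request URL, treat the connector configuration and any proxy or debug logs that record full URLs as holding a credential.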
