Kgalanop, Staff
March 27, 2026

Technical Tip: Automating security checks for authorized admin accounts on FortiGate

Description

This article describes how to automate a check that only authorized admin accounts exist on your FortiGate firewalls. The goal is to confirm that only a specific, known set of admin accounts is present on every device and to delete any additional accounts that are found.

Scope

FortiGate, FortiManager.

Solution

To automate security checks for authorized admin accounts on FortiGate, use one of the following two options:

  • Option 1: Use a FortiManager script to retrieve the list of admin accounts from every managed FortiGate.

  1. Go to Device Manager -> Scripts.
  2. Select Create New -> Script, or right-click anywhere in the script list and select New from the menu. The Create Script dialog box opens.
  3. Enter the script name and the CLI command that lists the admin accounts (the same command used in the Option 2 stitch below will do), then select OK to create the new script.

    [Image: Security Check.PNG]

  4. Select Run Script to run the script against the target devices.
  5. Copy the output into a text editor and remove the known (authorized) admin accounts from the list. Every account that remains is unauthorized; delete those accounts from the FortiGate, taking care not to delete the account you are currently logged in with and to leave at least one account with the super_admin profile.

 

  • Option 2: Create an automation stitch on the FortiGate that runs the CLI command on a schedule and e-mails the result.

Example:

config system automation-trigger
    edit "OneTime"
        set trigger-type scheduled
        set trigger-frequency once
        set trigger-datetime XXXXX
    next
end
config system automation-action
    edit "email-results"
        set action-type email
        set email-to "XXXXXX.com"
        set email-subject "HMFGT stitch"
        set message "%%results%%:
        %%log%%:"
    next
    edit "collect-admins"
        set action-type cli-script
        set script "get sys admin | grep name"
        set accprofile "super_admin"
    next
end
config system automation-stitch
    edit "get-admins-stitch"
        set trigger "OneTime"
            config actions
                edit 1
                    set action "collect-admins"
                    set required enable
                next
                edit 2
                    set action "email-results"
                    set delay 5
                    set required enable
                next
            end
    next
end

In this example, XXXXX in trigger-datetime is the date and time of the one-time run. The email-results action is optional: leave it out of the stitch if no e-mail is needed, otherwise replace XXXXXX.com with the recipient address. The collect-admins action runs 'get sys admin | grep name' under the super_admin profile, and %%results%% in the e-mail message is replaced by that command's output, so the mail lists the name of every admin account on the device. Compare that list against the authorized accounts in the same way as in Option 1.

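Both options leave you with a list of admin names to compare against the authorized set by hand. The following Python script, added here as an example and not part of the original article or of any Fortinet tooling, does that comparison for one device: it parses either the show system admin output a FortiManager script returns (Option 1) or the name: lines the Option 2 stitch e-mails, reports the accounts that are not on the allowlist, and prints the CLI block that would delete them. The sample outputs, the allowlist and the account names are constructed for the example; the name: line shape assumes the summary form that get system admin prints when no entry is specified. The script refuses to run with an empty allowlist and refuses to delete the account the check is being run from, which are the two ways this cleanup locks you out of the firewall.

```python
"""Added example (not part of the original article): check the admin-account
list collected from a FortiGate against an allowlist and build the CLI that
removes anything else.

Works on either output shape the two options produce:
  * Option 1 / 'show system admin'          -> entries open with   edit "<name>"
  * Option 2 / 'get sys admin | grep name'  -> one line per entry  name: <name>
The sample outputs, the allowlist and the account names are constructed for
this example; the 'name: <name>' shape assumes the summary form that
'get system admin' prints when no entry is specified.
"""
import re

NAME_LINE = re.compile(r"^name:\s*(\S+)$")


def parse_admin_names(output):
    """Return the admin account names in `output`, in order, without duplicates.

    The show-format parser tracks config/end nesting so that the 'edit 1'
    entries of a nested 'config gui-dashboard' block inside an admin account
    are not mistaken for account names.
    """
    names = []
    depth = 0            # current config/end nesting depth
    admin_depth = None   # depth at which 'config system admin' was opened
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if line == "config system admin":
                admin_depth = depth
        elif line == "end":
            if admin_depth == depth:
                admin_depth = None
            depth -= 1
        elif line.startswith("edit ") and admin_depth == depth:
            names.append(line[len("edit "):].strip().strip('"'))
        else:
            m = NAME_LINE.match(line)
            if m:
                names.append(m.group(1))
    return list(dict.fromkeys(names))      # dedupe, keep first-seen order


def find_unauthorized(found, allowlist):
    """Accounts present on the device but not in the allowlist.

    An empty allowlist is refused: it would flag every account, including the
    one running the check, and the resulting deletions would lock you out.
    """
    allowed = set(allowlist)
    if not allowed:
        raise ValueError("allowlist is empty; refusing to flag every account")
    return [name for name in found if name not in allowed]


def deletion_commands(unauthorized, session_admin):
    """FortiOS CLI block that deletes the `unauthorized` accounts.

    `session_admin` is the account you are logged in with; if it appears in
    the list the allowlist is wrong, so refuse rather than emit a command that
    would cut off the session doing the cleanup.
    """
    if session_admin in unauthorized:
        raise ValueError(f"{session_admin!r} is the current session; fix the allowlist")
    if not unauthorized:
        return ""
    lines = ["config system admin"]
    lines += [f'    delete "{name}"' for name in unauthorized]
    lines.append("end")
    return "\n".join(lines)


# Constructed sample: what 'show system admin' might return from one FortiGate.
SHOW_OUTPUT = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
        set password ENC <redacted>
    next
    edit "noc-ro"
        set accprofile "prof_admin"
        set vdom "root"
    next
    edit "tmp-vendor"
        set accprofile "super_admin"
        set vdom "root"
    next
end
"""

# Constructed sample: the %%results%% body the Option 2 stitch would e-mail.
GREP_OUTPUT = """\
name: admin
name: noc-ro
name: tmp-vendor
name: svc-backup
"""

ALLOWLIST = ["admin", "noc-ro"]      # the accounts that are supposed to exist


if __name__ == "__main__":
    for label, text in (("show system admin", SHOW_OUTPUT),
                        ("get sys admin | grep name", GREP_OUTPUT)):
        found = parse_admin_names(text)
        extra = find_unauthorized(found, ALLOWLIST)
        print(f"[{label}] found={found} unauthorized={extra}")
        print(deletion_commands(extra, session_admin="admin") or "(nothing to delete)")
```

Review the emitted block before pasting it into the device CLI. If the FortiManager script returns output for several devices, split it per device first: the deletions are device-specific, and an account that is authorized on one firewall may be unauthorized on another.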
Related document:

Add a script