FortiAnalyzer
smkml
Staff
Article Id 368692
Description

This article describes how to send alert messages from FortiAnalyzer to the Telegram application using a Generic Connector.

Scope

FortiAnalyzer v7.4, FortiAnalyzer v7.6.

Solution

Prerequisite:

Make sure FortiAnalyzer can resolve and ping api.telegram.org.

FAZ # execute ping api.telegram.org
PING api.telegram.org (149.154.167.220): 56 data bytes
64 bytes from 149.154.167.220: seq=0 ttl=55 time=165.448 ms
64 bytes from 149.154.167.220: seq=1 ttl=55 time=163.866 ms
64 bytes from 149.154.167.220: seq=2 ttl=55 time=164.302 ms
64 bytes from 149.154.167.220: seq=3 ttl=55 time=164.730 ms

--- api.telegram.org ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 163.866/164.586/165.448 ms

 

  1. Create a Telegram bot and get the Bot Token.

  2. Create a Telegram group and add the bot created previously to the group. Take note of the group ID, for example web.telegram.org/k/#-4710103569.

  3. Create a webhook using Generic Connector.

    In v7.4.x, go to Fabric View -> Fabric Connectors -> Create New.

    In v7.6.x, go to Incidents & Events -> Automation -> Active Connectors -> Create New.

    In the URL field, enter 'api.telegram.org/bot<BOT TOKEN>/sendMessage', and in the HTTP Body field, enter '{"chat_id":"<GROUP ID>","text":"${event}"}'.

    The ${event} macro in the text value can be replaced with other macros listed in 'Supported macros for the MS Teams Connector'.

  4. Add the created webhook to the Notification Profile.

    In v7.4.x, go to Incidents & Events -> Handlers -> Notification Profiles -> Create New.

    In v7.6.x, go to Incidents & Events -> Event Handlers -> Notification Profiles -> Create New.

  5. Create an event handler and add the notification profile to it.

    In v7.4.x, go to Incidents & Events -> Handlers -> Basic Handlers -> Create New.

    In v7.6.x, go to Incidents & Events -> Event Handlers -> Event Handlers -> Create New.

  6. Trigger the event and check that it is present in Event Monitor and Telegram.
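
The bot token, group ID and request body from the steps above can be checked from a workstation before they are entered in the connector. The Python script below is an added example, not part of the original article or of any Fortinet tooling. It assumes the HTTPS scheme for api.telegram.org, a token of the form digits, colon, secret (used only for masking), and hypothetical function and environment variable names.

```python
import json
import os
import re
import sys
import urllib.request

API_BASE = "https://api.telegram.org"  # HTTPS scheme made explicit (assumption)
# Assumed token shape "<digits>:<secret>"; used only to mask it in output.
TOKEN_RE = re.compile(r"bot\d+:[A-Za-z0-9_-]+")


def chat_id_from_web_url(url):
    """Extract the group ID from a Telegram Web URL like .../k/#-4710103569."""
    match = re.search(r"#(-?\d+)$", url.strip())
    if not match:
        raise ValueError("no numeric group ID in URL fragment")
    return match.group(1)


def build_send_message(token, chat_id, text):
    """Return (url, body) as entered in the connector's URL and HTTP Body."""
    url = f"{API_BASE}/bot{token}/sendMessage"
    # json.dumps escapes quotes and newlines that alert text may contain.
    body = json.dumps({"chat_id": str(chat_id), "text": text})
    return url, body.encode("utf-8")


def redact(text):
    """Mask the bot token before a URL or log line is shared."""
    return TOKEN_RE.sub("bot<REDACTED>", text)


def send_test(token, chat_id, text="FortiAnalyzer connector test"):
    """POST one message; True only if the Bot API answers ok=true."""
    url, body = build_send_message(token, chat_id, text)
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp).get("ok") is True
    except (OSError, ValueError) as exc:  # URLError/HTTPError derive from OSError
        print("request failed:", redact(str(exc)), file=sys.stderr)
        return False


if __name__ == "__main__":
    # Hypothetical env var names; keeps the token out of the script and shell history.
    token = os.environ["TELEGRAM_BOT_TOKEN"]
    chat = chat_id_from_web_url(os.environ["TELEGRAM_GROUP_URL"])
    print("sent" if send_test(token, chat) else "failed")
```

Anyone holding the bot token can send messages as the bot, so the connector URL should be handled as a secret and passed through `redact` before it is pasted into a ticket or chat.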

     

To troubleshoot, enable debugging with the following CLI commands:

diag debug application faznotify 8

diag debug timestamp enable

diag debug enable

 

Sample output: [image: debug faznotify.png]

Related articles:

Technical Tip: How to configure Automation Stitch with Action Webhook using Telegram
Technical Tip: Telegram Notification for FortiADC