FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 287255

This article describes how to export IPS signatures using Automation stitch whenever there is an IPS signature database update to the email.

Scope FortiGate v7.0+.

Create Automation Trigger

  • Go to Security Fabric -> Automation.
  • Select Trigger and then Create New.
  • Select AV & IPS DB Update.
  • Give a name to the trigger, in this example, IPS update.
  • Select OK at the bottom.




Create First Automation Action (CLI Script):

  • Switch over to Action at the top and select Create New.
  • Select CLI script.
  • Give it a name, in this example, CLI script.
  • Under script type:


get ips rule status <----- if there is a FortiGate with a single VDOM.

config global       <----- If there is a multi VDOM environment.

get ips rule status


  • Under ‘Administrative Profile’ select super_admin
  • Select OK at the bottom.




Create Second Automation Action (Email):

  • Create the second action
  • Select Create New under Action.
  • Select Email.
  • Give it a name, for this example, Email.
  • Type the email of the recipient, for this example,
  • Under Subject, it is possible to type it as per requirement. IPS signature update in this example.
  • Under the body, it is necessary to have %%results%%
  • Select 'OK' at the bottom.




Create Automation Stitch.

  • Go to the Stitch option at the top and select Create New.
  • Give it a name as per requirement, IPS Update Stitch for this example.
  • Make sure to keep Action Execution Sequential.
  • Under Trigger, select the trigger created, in this case, IPS Update. Then select Apply.
  • Under the first action, select the CLI action that was created before, in this case, CLI Script. Then select Apply.
  • Select Add Action.
  • Select the email action created. For this case, Email. Then select Apply.
  • Once done, select OK.




That will create the automation stitch to send the update for the IPS Signature database to the email.