FortiGate
lmassip
Staff
Article Id 425436
Description: This article describes how to configure a FortiGate Automation Stitch that sends a Telegram message when an Administrator login failure event occurs.
Scope: FortiGate
Solution:
  1. Telegram prerequisites (Bot Token, Group, Chat ID).
    1. Create a Telegram bot and obtain the Bot Token.
      • Create a bot using BotFather in Telegram.
      • Record the bot token.
    2. Create a group chat and add the bot.
      • Create a Telegram group chat.
      • Add the bot to the group as a member.
      • Ensure the bot has permission to post messages in the group.
    3. Obtain the Chat ID.
      • Record the chat ID for the group.

 

  2. Validate Bot Token and Chat ID (Telegram API direct test).

    1. Send a test message using the Bot API.
      Use the following format in a browser:

 

https://api.telegram.org/bot<BOT_TOKEN>/sendMessage?chat_id=<CHAT_ID>&text=Hello

 

    Expected result:
      • The Telegram group receives the message.
      • The API response returns ok:true.
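The same validation as a script, added here as an example (not part of the original article and not Fortinet code): it sends the test message as a JSON POST, checks the `ok` field of the reply, and masks the token before anything is logged. The environment variable names `TG_BOT_TOKEN` and `TG_CHAT_ID`, the function names, and the token shape check are assumptions of this example.

```python
import json
import os
import re
import urllib.error
import urllib.request

API_HOST = "https://api.telegram.org"
# Heuristic shape check only (assumption): numeric bot id, a colon, then the secret part.
TOKEN_SHAPE = re.compile(r"^\d+:[A-Za-z0-9_-]{30,}$")


def build_request(token, chat_id, text):
    """Return (url, body, headers) for a sendMessage POST with a JSON body."""
    if not TOKEN_SHAPE.match(token):
        raise ValueError("bot token does not look like <digits>:<secret>")
    body = json.dumps({"chat_id": chat_id, "text": text}).encode("utf-8")
    return f"{API_HOST}/bot{token}/sendMessage", body, {"Content-Type": "application/json"}


def redact(url):
    """Mask the token so the URL can be written to logs or tickets."""
    return re.sub(r"/bot[^/]+/", "/bot<REDACTED>/", url)


def check_response(raw):
    """Return (ok, detail) from a Bot API reply; ok mirrors the JSON 'ok' field."""
    try:
        reply = json.loads(raw)
        ok = reply.get("ok") is True
    except (ValueError, AttributeError):
        return False, "response is not a Bot API JSON object"
    if ok:
        return True, "message accepted"
    return False, f"{reply.get('error_code')}: {reply.get('description')}"


def send_test(token, chat_id, text="Hello"):
    """Perform the live call; needs outbound HTTPS to api.telegram.org."""
    url, body, headers = build_request(token, chat_id, text)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return check_response(resp.read())
    except urllib.error.HTTPError as err:  # error replies also carry a JSON body
        return check_response(err.read())


if __name__ == "__main__":  # env var names are this example's choice
    print(send_test(os.environ["TG_BOT_TOKEN"], os.environ["TG_CHAT_ID"]))
```

Reading the token from the environment keeps it out of browser history and shell history; use `redact()` on any URL that ends up in a log or ticket.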

 

  3. FortiGate connectivity validation to Telegram.

 

In the FortiGate CLI, run the following:

 

execute ping api.telegram.org

 

 

  4. Configure the Automation Stitch on FortiGate (GUI).

    1. Create a new Automation Stitch.
      • Go to Security Fabric -> Automation -> Stitch.
      • Select Create New.
      • Set Name: Telegram_Alerts (example).

 


 

    2. Configure the Trigger (Administrator login failure).
      • Under Trigger, select Event Log (or the FortiOS event-based trigger available in the FortiOS build).
      • Select the event that matches Administrator login failures.
      • Save the Trigger.

 


 

    3. Configure the Action (Webhook to Telegram).
      • Under Actions, select Add Action.
      • Select Webhook.
      • Select Create New.

 


 

  5. Verification.
    1. Trigger an Administrator login failure event.
      • Attempt an admin login with an incorrect password.
      • Confirm that an event is generated in logs.
      • Confirm that the Telegram group receives the message.