Description | This article explains the fields to be chosen to retrieve the script output. |
Scope | Security Fabric, Automation, CLI script |
Solution |
Run a CLI script automatically when an issue such as conserve mode or high CPU is triggered.
1) Create a new Stitch under Security Fabric -> Automation.
2) Select 'Add Trigger' and add the appropriate trigger; the conserve mode trigger is used as an example.
3) Add the actions: the CLI script first, then the email (2 actions are configured in total).
4) Select 'Ok'.
Sample of the CLI script:
Note. While configuring the email action, it is important to change the body of the subject field to %%results%% instead of %%logs%%. Both can be used together, but %%results%% must not be left out.
Note. If the %%results%% pattern is not added, the email received will not contain any output from the CLI script commands.
Below are the descriptions of the representations:
All fields from the log or FortiAnalyzer event triggering this stitch:
%%results%%: The complete result from previous action, such as CLI script.
The 'source' property from the previous action.
The 'source' property from the results of a previous action named 'aws_ban_ip'.
The first index value in the array 'sources' from the previous action.
The 'from' property of an email object from the previous action.
The 'srcip' field from the log or FortiAnalyzer event triggering this stitch.
- After completing the configuration, it is recommended to perform a test stitch to verify that the alert email with the CLI script output is received by the recipient.
Note.
- Ensure the mail-server settings are already configured with the appropriate SMTP server.
- Make sure the recipient's email is valid. |
Copyright 2024 Fortinet, Inc. All Rights Reserved.