FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 190594

Automation stitches allow to decrease response times to security events by automating the activities between different device components in the Security Fabric.
Monitor events from any source in the security fabric and set up action responses to any destination is possible

This article describes this feature.

Creating automation stitches.

To create an automation stitch, a trigger event and a response action or actions are selected.
Automation stitches can also be tested after they are created.

To create an automation stitch from the GUI:
Go to Security Fabric -> Automation.

Select 'Create New'. The New Automation Stitch page opens.


Enter the following information:

Name: Enter a name for the automation stitch.
Status:  Enable/disable the stitch.
FortiGate: Select the FortiGate to apply the automation stitch to, or select All FortiGates to apply it to all of them.
Trigger: Select a trigger.
Action: Select and configure one or more actions.
Minimum interval (seconds): Enter a minimum time interval during which notifications for the same trigger event will not be sent.
After the time interval elapses, an alert is sent that includes the last event since the time interval elapsed.

Select 'OK'.

To create an automation stitch from the CLI.

Create an automation trigger.

# config system automation-trigger
    edit <automation-trigger-name>
        set trigger-type {event-based | scheduled}
        set event-type <option>
        set license-type <option>
        set ioc-level {medium | high}
        set logid <integer>
        set trigger-frequency {hourly | daily | weekly | monthly}
        set trigger-weekday <option>
        set trigger-day <integer>
        set trigger-hour <integer>
        set trigger-minute <integer>
        set faz-event-severity <string>
        set faz-event-tags <string>
The available options will vary depending on the selected event type.

Create an automation action.
# config system automation-action
    edit <name>
        set action-type <option>
        set email-to <names>
        set email-from <string>
        set email-subject <string>
        set email-body <string>
        set minimum-interval <integer>
        set delay <integer>
        set required {enable | disable}
        set aws-api-id <string>
        set aws-region <string>
        set aws-domain <string>
        set aws-api-stage <string>
        set aws-api-path <string>
        set aws-api-key <string>
        set azure-app <string>
        set azure-function <string>
        set azure-domain <string>
        set azure-function-authorization {anonymous | function | admin}
        set azure-api-key <string>
        set gcp-function-region <string>
        set gcp-project <string>
        set gcp-function-domain <string>
        set gcp-function <string>
        set alicloud-account-id <string>
        set alicloud-region <string>
        set alicloud-function-domain <string>
        set alicloud-version <string>
        set alicloud-service <string>
        set alicloud-function <string>
        set alicloud-function-authorization {anonymous | function}
        set alicloud-access-key-id <string>
        set alicloud-access-key-secret <string>
        set protocol {http | https}
        set method {post | put | get | patch | delete}
        set uri <string>
        set http-body <string>
        set port <integer>
        set headers <header>
        set script <string>
        set security-tag <string>
        set sdn-connector <connector_name>
Create an automation destination.
# config system automation-destination
    edit <name>
        set type {fortigate | ha-cluster}
        set destination <serial numbers>
        set ha-group-id <integer>
Create the automation stitch.
# config system automation-stitch
    edit <automation-stitch-name>
        set status {enable | disable}
        set trigger <trigger-name>
        set action <action-name>
        set destination <serial-number>
To test an automation stitch.

From GUI, go to Security Fabric -> Automation, select the automation stitch and select 'Test Automation Stitch'.

From CLI, enter the following command:
# diagnose automation test <stitch-name> <log>