nithincs
Staff
Article Id 370785
Description: This article describes how to configure an automation stitch that sends notifications to Microsoft Teams when events such as a BGP status change, an admin login failure, or an IPsec tunnel going down occur.
Scope: FortiGate.
Solution: To send a notification to MS Teams, FortiGate needs an Incoming Webhook connector address.
Refer to Create Incoming Webhooks.

When creating the Incoming Webhook, use the FortiGate hostname as the connector name so that each notification shows which device it came from.

For example:

The hostname of the FortiGate used in this article is 'LAB_GATEWAY_FGT', so the Incoming Webhook connector name is set to 'LAB_GATEWAY_FGT'.


Copy the URL generated for the Incoming Webhook connector and save it.


FortiGate Configuration:

  • Log in to FortiGate and go to Security Fabric -> Automation, select Create New, and provide a name for the Automation Stitch.

  • Select 'Add Trigger' -> Create -> FortiOS Event Log.
  • Provide a name for the Automation Trigger, select the events, and select 'OK' to save the configuration.

The FortiOS event logs that are of most concern in a production environment are monitored here, so the events below are selected to trigger the automation.

Event:

  • Admin login failed.
  • Application crashed.
  • BGP neighbor status changed.
  • Configuration changed.
  • File descriptor conserve mode entered.
  • FortiGuard's hostname is unresolvable.
  • FortiGuard web filter unreachable.
  • Interface link status changed.
  • IPsec VPN tunnel is down.
  • New firmware is available on FortiGuard.
  • Routing information changed.
  • System performance statistics.

  • Select 'Add Action' -> Create -> Microsoft Teams Notification.
  • Provide the name for the Automation action, enter the webhook URL, and select 'OK' to save the configuration.



  • Once the automation is configured, the Automation Stitch is triggered whenever one of the selected event logs is generated on the FortiGate, and a notification is sent to Microsoft Teams.
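The same trigger, action and stitch expressed in the FortiOS CLI, as an added example that is not part of the original article. It assumes FortiOS 7.0 or later syntax; the object names and the `<incoming-webhook-url>` placeholder are illustrative, and only two of the listed events are shown by log ID.

```fortios
# Added example: object names are illustrative, not from the article.
config system automation-trigger
    edit "Teams_Event_Trigger"
        set event-type event-log
        # 32002 = Admin login failed, 20300 = BGP neighbor status changed.
        # Verify these against the FortiOS Log Message Reference for the
        # running firmware and append the IDs of the other selected events.
        set logid 32002 20300
    next
end
config system automation-action
    edit "Teams_Notify"
        set action-type microsoft-teams-notification
        # Placeholder: the URL copied from the Incoming Webhook connector.
        set uri "<incoming-webhook-url>"
    next
end
config system automation-stitch
    edit "Teams_Event_Stitch"
        set status enable
        set trigger "Teams_Event_Trigger"
        config actions
            edit 1
                set action "Teams_Notify"
                set required enable
            next
        end
    next
end
```

The Incoming Webhook URL is all a sender needs to post to the channel, so handle it like a credential wherever the configuration is backed up or exported.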