The following trigger types can be used to configure the stitch and when the event is triggered, the user can be notified with the configured email as an action:

• Default-NOC-Fabric-Events.
• Default-NOC-System-Events.

Method 1:

Go under Automation -> Stitches -> Create New, select Trigger: Default-NOC-Fabric-Events --> Action: Email User -> OK.

Triggers when it detects the following:

1. The device is offline.
2. The fortiAnalyzer connection is down.
3. The connection to the CSF member is terminated.
4.  The automation stitch is triggered.
5. The license failed or expired.
6. The system updates or fails
7. Security fabric settings have changed.

Method 2:

Go under Automation -> Stitches -> Create New, select Trigger: Default-NOC-System-Events -> Action: Email User -> OK.

Triggers when it detects the following:

1. Device shutdown.
2. Conserver mode.
3. The disk or memory is full.
4. High CPU.
5. High memory.

Hover over the Stitches name to view the rules. The stitches are configured in a group of events and there is no way to configure it individually (i.e. device status only).