FortiSIEM Discussions
Kunj
New Contributor

Access triggering events/incidents from Automation Policy Action

I have a use case to be implemented in FortiSIEM. I want to enrich my FortiSIEM events through APIs, possibly via an automation policy and then executing a custom integration.
Let's say I have configured a rule and an action for the automation policy like 'Run script' or 'Invoke an integration policy'.

So, my questions are as follows:

1. Are the events (which triggered the rule) passed by the automation policy as an action to my Integration/script?

2. Is an incident always created once a rule is triggered? Is the incident's info passed to the automation policy action?

