Fortinet Community

Unlock Exclusive Benefits

Join Our Community Today!

Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!

Support Forum
Knowledge Base
Community Groups
Blogs

FortiSIEM Discussions

Fortinet Community
Community Groups
FortiSIEM
Discussions
Access triggering events/ incidents from Automatio...

Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

Kunj

New Contributor

Created on ‎01-07-2025 02:41 AM Edited on ‎01-07-2025 04:57 AM

Options

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

Access triggering events/ incidents from Automation Policy Action

I have a use case to be implemented in FortiSIEM. I want to enrich my FortiSIEM events through APIs possibly via automation policy and then executing a custom Integration.
Let's consider I have configured a rule and an action for automation policy like 'Run script' or 'Invoke an integration policy'.

So, the questions are as below mentioned:

1. Are the events (which triggered the rule) passed by the automation policy as an action to my Integration/script?

2. Is Incident always created once rule is triggered? Is the incident's info are passed to the automation policy action?

Labels:

Labels:
API
FortiSIEM
FortiSIEM Cloud
integration
Rules

147

0 Kudos

Nominate to Knowledge Base

Nominate a Forum Post for Knowledge Article Creation

Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.

SUBMIT CANCEL

All forum topics
Previous Topic
Next Topic

0 REPLIES 0

Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels

Top Labels

Alphabetical

FortiSIEM 127
Rules 5
Parsers 5
fortisiem v7.2.0 4
integration 4
API 4
Agent Linux 3
ClickHouse 3
Database 3
Collector 3
FortiSIEM Cloud 3
FortiSIEM v6.x 3
FortiGate 2
Source Code 2
CMDB 2
watchlist 2
External System Integration 2
lookuptables 2
Incidents 2
GUI 2
SAML 2
Agent 2
Supervisor 2
FortiSiem 7.1 2
Collector Agent 2
Rocky Linux 8 1
Redhat 8 1
Oracle Linux 8 1
Alma Linux 8 1
Reference Files 1
MySQL 1
Impact 1
o 1
OPManager 1
RBAC 1
User Control 1
Partnership Inquiry 1
cisco wsa 1
Hi 1
Reference Material 1
FortiAnalyzer 1
FortiClient 1
FortiAuthenticator v5.5 1
upgrade 1
IPsec 1
External Connectors 1
LDAP 1
Report 1
Cisco 1
discovery 1
enrichement 1
Report-Rules-Dashboards 1
Analytics & Reporting 1
Notifications 1
Expressions 1
Status 1
Internet service database 1
dashboard 1
Usage 1
Certificate 1

Previous
1 of 6
Next

Top Kudoed Authors

User

Count

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media

Security Research

Threat Research
FortiGuard Labs
Threat Map
Threat Briefs
Ransomware
Getting Started Resources

Company

About Us
Security Fabric
Exec. Mgmt
Careers
Certifications
Events
Industry Awards
Social Responsibility

News & Articles

News Releases
News Articles
Trademarks

Corporate
Community

Terms of Service
Privacy Policy
GDPR
Cookie Settings

You are leaving our website

You are leaving our site and we cannot be held responsible for the content of external websites

Stay Here Continue