Hi,
I'm trying to figure out how to send an alert when an ip address is quarantined by the dos policy...
Does anyone know how to do this through automation stitches?
Thanks
Solved! Go to Solution.
Hey Daniele,
there should be event logs like
22850 - LOG_ID_USER_QUARANTINE_MAC_ADD
or
43776 - LOG_ID_EVENT_NAC_QUARANTINE
-> check your system event logs on FortiGate
You can create an automation stitch to trigger on the event log message; this is triggered based on the log ID. The last five numbers of the log ID are the specific log message ID that an automation stitch will trigger on.
Hey Daniele,
there should be event logs like
22850 - LOG_ID_USER_QUARANTINE_MAC_ADD
or
43776 - LOG_ID_EVENT_NAC_QUARANTINE
-> check your system event logs on FortiGate
You can create an automation stitch to trigger on the event log message; this is triggered based on the log ID. The last five numbers of the log ID are the specific log message ID that an automation stitch will trigger on.
Thanks, it works.
User | Count |
---|---|
991 | |
829 | |
462 | |
440 | |
132 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.