This article describes how to send an email notification in the event that one of the playbook steps fails. This solution is not a global error_handler notification and thus must be configured on each playbook.
For the purposes of this description, the use case is blocking a malicious IP and sending an email notification with the list of blocked IPs.
Prerequisites:
i) Configure firewall connector - Give read-write permissions to the API user
ii) Configure SMTP connector
The playbook logic:
Start > block_ip > code snippet > Collect Failed Errors > Condition > Send mail notification
Enable "ignore errors" on all your playbook steps, so that the playbook keeps running after a step fails and reaches the notification logic.
In any playbook in which you intend to track failed steps, include two critical steps:
(i) Set Variables Step
This Set Variables step is named Collect Failed Errors.
The variable name is failed_errors. Its purpose is to collect the errors of failed steps across the playbook.
failed_errors Jinja:
{# Add one block per tracked step; each appends the step's error when it did not succeed. #}
{% if vars.steps.block_ip.status != "Success" %}
<p>Step 'block_ip' failed:<br>{{ vars.steps.block_ip.error_message }}</p>
{% endif %}
{% if vars.steps.code_snippet.status != "Success" %}
<p>Step 'code_snippet' failed:<br>{{ vars.steps.code_snippet.error_message }}</p>
{% endif %}
(ii) Condition Step
FortiSOAR has four step execution statuses: ✅ Success, ❌ Failure, ⚠️ Skipped, ⏳ In Progress. Our interest is in the Failure status.
To act on it, create two send mail steps (send_mail and send_failed_email_notification) after the condition step and connect them to it.
Configure the condition step with a condition that checks whether the execution status of any playbook step is not equal to Success.
Condition Jinja:
vars.steps.block_ip.status != "Success" or vars.steps.code_snippet.status != "Success"
If this condition is met, set the next step to execute to send_failed_email_notification. Otherwise the default condition applies: all the playbook steps executed successfully, and the next step is send_mail.
(iii) Send_failed_email_notification
This step sends the email notification when any of the playbook steps fails to execute.
Email body Jinja:
Playbook block_malicious_ips encountered the following errors:
{{ vars.failed_errors }}
failed_errors is a single rendered string, so it is inserted as-is; looping over it with {% for %} would iterate it character by character.
This sends a notification listing all the steps that failed to execute.
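The collect / condition / notify logic above can be checked offline before it is wired into a playbook. The following is an added example, not FortiSOAR code and not from the original article: it models the step results as a plain Python dict using the status and error_message keys from the page's Jinja, and the function names and sample data are hypothetical. It keeps one entry per failed step, reports Skipped or missing steps as well (the condition is "not Success"), and HTML-escapes error text returned by the firewall API before it is placed in the mail body.

```python
import html

# Constructed sample shaped like the step results the page's Jinja reads
# (step name -> status / error_message). Not real FortiSOAR output.
SAMPLE_STEPS = {
    "block_ip": {"status": "Failure",
                 "error_message": "403 from firewall API: <b>read-only</b> user"},
    "code_snippet": {"status": "Success", "error_message": None},
}
TRACKED = ["block_ip", "code_snippet"]  # steps that have "ignore errors" enabled


def collect_failed_errors(steps, tracked=TRACKED):
    """Return one HTML-safe entry per tracked step whose status is not Success."""
    failed = []
    for name in tracked:
        result = steps.get(name)
        if result is None:
            # A step with no recorded result is reported, not silently dropped.
            failed.append(f"Step '{name}' has no recorded result")
            continue
        status = result.get("status")
        if status != "Success":
            # Error text comes from a remote API; escape it before it reaches HTML mail.
            message = html.escape(str(result.get("error_message") or "no error message"))
            failed.append(f"Step '{name}' ended with status {status}: {message}")
    return failed


def choose_mail_step(failed):
    """Mirror the Condition step: any entry routes to the failure notification."""
    return "send_failed_email_notification" if failed else "send_mail"


def render_body(playbook, failed):
    """Build the notification body with one bullet per failed step."""
    lines = [f"Playbook {playbook} encountered the following errors:"]
    lines += [f"- {entry}" for entry in failed]
    return "\n".join(lines)


if __name__ == "__main__":
    errors = collect_failed_errors(SAMPLE_STEPS)
    print(choose_mail_step(errors))
    print(render_body("block_malicious_ips", errors))
```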