Hi,
I'm running the fortianalyser (7.4.0 GA Build 2223) and tried to set up notifications to slack as well as teams, but with not much success.
We tried to follow the manual https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/382184/slack-notification-ac... .... the gui is a bit different, and the CLI procedure fails at step 1; there is no command "config system automation-trigger"
So we went along with just look en fill in 'logical' values. What we have so far:
1) under "Fabric view" -> "Fabric connectors" -> "ITSM" -> "Generic connector"
there is a slack connector with in the HTTP Body "{\"channel\": \"#siem\", \"text\": \"%%log%%\" }"
(for the teams and slack connectors don't show up in the next step)
2) under "Incidents & Events" -> "Notication profiles"
there is a profile with "Send Alert through Fabric Connectors" enables and pointing to the connector from step 1
3) under "Incidents & Events" -> "Basic Handlers"
i created an new handler to notify all that is log-level <> debug
In Slack I litterly see "%%log%%" on each event.
I also tried HTTP Body "{\"channel\": \"#siem\", \"text\": event_id }" and many variations, but nothing gives me notifications with text related to the event. Only literal stings are coming thru.
Any suggestions on how it should be configured ?
//Tonny
