Hi!
I was wondering what changes do I have to make in my Fortigate, in the automation section, to automate the quarantine of an endpoint from FortiAnalyzer (with the playbook)?
I can run the playbooks to create incidents if it detects a compromised host, but I would like to quarantine them as well with another playbook. Do I have to create a sticth first on my Fortigate?
Thanks.
Lots of good info here: https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/691884/configuring-playb...
No, turning on the web hook in the FGT would be enough. Once it's done, new actions will show up in the FAZ under the fortiOS connector.
There is a playbook template for that.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.