I'd like to set up an executed playbook within an unhandled (not mitigated by FGT) incident.
Its job is to send the malicious event back to FortiGate (FGT) and have it mitigated automatically.
Which playbook template fits this need, and which associated "Action"?
It's about a malware that hasn't been blocked by FGT and shows "passthrough" in FAZ.
I believe you need to create a new Playbook with trigger "INCIDENT_TRIGGER", connector "FortiOS", and the actions depend on the automation rules configured on each FortiGate.
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/51460/actions
https://docs.fortinet.com/document/fortianalyzer/7.4.1/administration-guide/28682/playbooks
Thanks for the quick and helpful response.
I thought there might be a template for it, but I've understood that I should create one from scratch.
The trigger and the connector are clear to me.
Yet I have to dive into the Actions, because I want the FortiGate to mitigate it or put it in quarantine automatically, not just send a notification.
Thanks again.
Please review the following articles:
https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-How-to-run-a-FortiClient-Endpoint-Anti...
https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/28682/playbooks
https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/691884/configuring-playb...
https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/813113/analyzing-an-inci...
https://docs.fortinet.com/document/fortianalyzer/6.4.0/new-features/447371/default-playbook-template...
https://docs.fortinet.com/document/fortianalyzer/7.0.0/new-features/949810/importing-and-exporting-p...
https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/763118/configuring-tasks...
https://docs.fortinet.com/document/fortianalyzer/6.4.0/new-features/893685/automation-playbooks
Copyright 2024 Fortinet, Inc. All Rights Reserved.