Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

fortianalyzer playbooks

Good morning friends, could you help me with this question?
I have a faz and would like to use the FORTISOC feature. According to the cookbook, tasks can be automated (PLAYBOOKS).
All the configuration is done on the faz? Or in the fortigate should some additional configuration be done? for example I would like to Quarantine a fortianalyzer playbooks device. I understand that the fortigate should quarantine the computer, right?

thanks for your support

Community Manager
Community Manager


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Anthony-Fortinet Community Team.

Hi @unknown1020 ,


As per the document, when creating a playbook the action is specified based on the connector. If you refer the connector document on same URL, it says "The actions available with FortiOS connectors are determined by automation rules configured on each FortiGate."  That means we need to create the automation rules on Fortigate - with trigger as "Incoming Webhook Call" and the corresponding action-. This will be executed by Fortianalyzer once you implement the playbook.


Below document explains the procedure.


Select a connector type and configure an automated action:

Name Enter a name for the task.
Description Enter a description of the task.

Select a connector to use from the dropdown menu. See Connectors.

Action Select the automated action to be performed.


FortiOS Connector

The FortiOS connector is added after the first FortiGate has been authorized on an ADOM. Additional devices authorized to the ADOM are displayed as separate entries within the same connector. FortiOS connectors are available in FortiGate and Fabric ADOMs.

Enabling FortiOS actions

The actions available with FortiOS connectors are determined by automation rules configured on each FortiGate. Automation rules using the Incoming Webhook trigger must be created in FortiOS before they are shown as actions in FortiAnalyzer. FortiOS automation rules are configured on FortiOS in Security Fabric > Automation. For information on creating FortiOS automation rules, see the FortiOS administration guide.

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors