FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
oarslan
Staff
Staff
Description
Automation stitches with an Email action can now leverage the formatting options provided by replacement messages to create branded email alerts. 

It is possible to enable a replacement message and edit the message body or select a customized replacement message group when  the automation action is configured. 
When the automation stitch is triggered, the FortiGate will send the email with the defined replacement message.
Solution
In this example, a Security Rating report triggers an Email notification action. The email uses a customized replacement message group.

Configure the replacement message group in the GUI:

1) Go to System -> Replacement Message Groups and slect 'Create New'.

2) Enter the following:




3) Select 'OK'.

4) Select the group in the list and select 'Edit'.

5) Select 'Automation Alert Email' and select 'Edit'.




6) Edit the HTML code as needed, then select 'Save'.

Configure the email action from GUI:

1) Go to Security Fabric -> Automation and select 'Create New'.

2) Enter the stitch name.

Configure the trigger:

1) Select 'Add Trigger'.

2) Select 'Create' and select Security Rating Summary.

3) Enter the following:






4) Select 'OK'.

5) Select the trigger in the list and select 'Apply'.

Configure the Email notification action:

1) Select 'Add Action'.

2) Select 'Create' and select 'Email'.

3) Enter the following:






4) Select 'OK'.
5) Select the action in the list and select 'Apply'.
6) Select 'OK'.
7) Select the automation stitch, and select 'Test Automation Stitch'.

After the Security Rating report is finished, the automation is triggered, and the email is delivered with the customized replacement message in the email body.




Configure the replacement message group from CLI:

# config system replacemsg-group
        edit "group-sec1"
            set comment ""
            set group-type utm
        # config automation
            edit "automation-email"
                set buffer "...<h1> Security Fabric Automation rating trigger </h1>..."
                ...
            next
        end
    next
end

Configure the email action from CLI:

1) Configure the automation trigger:

# config system automation-trigger
    edit "rating_posture"
        set description "rating test"
        set event-type security-rating-summary
    next
end

2) Configure the automation action:

# config system automation-action
    edit "email-group1"
        set action-type email
        set email-to "admin@fortinet.com"
        set email-subject "CSF stitch alert group1"
        set replacement-message enable
        set replacemsg-group "group-sec1"
    next
end

3) Configure the automation stitch:

# config system automation-stitch
    edit "auto_rating"
        set trigger "rating_posture"
        set action "email-group1"
    next
end

4) To view the automation stitch information after it is triggered:

# diagnose test application autod 3
stitch: auto_rating
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Tue Mar 16 15:11:29 2021
        last relay:
        actions:
                email-group1:
                        done: 1 relayed to: 0 relayed from: 0
                        last trigger:Tue Mar 16 15:11:29 2021
                        last relay:

logid2stitch mapping:
id:52000  local hit: 1 relayed hits: 0
        auto_rating

Contributors