Created on 10-30-2019 05:35 AM Edited on 11-23-2021 08:21 AM By Anonymous
Description
This article describes how FortiGate uses the Automation function to send a message to a Slack channel via webhook, and how to customize the message with information from the event log.
Useful link:
Fortinet Documentation:
Webhook action: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/989735/webhook-action
Solution
1) Create New Automation
6) Put Slack Channel Information
7) Generate Admin login failed event
c3po-kvm52 # dia de app autod -1
Debug messages will be on for 30 minutes.
c3po-kvm52 # dia de ena
c3po-kvm52 # auto_generate_generic_curl_request()-302: Generating generic automation CURL request for action (webhook2slack).
auto_generate_generic_curl_request()-350: Generic automation CURL request POST data for action (webhook2slack):
{"text": "This is for user - admin login failed as log reason - passwd_invalid, ui = ssh(10.56.246.131) log method - ssh from log srcip - 10.56.246.131 , msg - Administrator admin login failed from ssh(10.56.246.131) because of invalid password"}
auto_generate_generic_curl_request()-400: Generic automation CURL request Host header: hooks.slack.com
auto_generic_curl_request_close()-476: Generic CURL request response body from https://hooks.slack.com/services/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ok
Where does the HTTP body parameter come from?
Some older versions, such as 6.0.5, may encounter an HTTP 400 error; please upgrade to 6.2.2.