When you review the information in the Alarm Details, Event Details, or Vulnerability Details, you can easily launch an actionIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. to send a request to your connected FortiGate instance to add source or destination IP address information to an existing FortiGate group. If you want to apply an action to similar events that occur in the future, you can also create an orchestration rule after you apply the action.
To launch a FortiGate response action for an alarm, event, or vulnerability
- Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
- Click the alarm, event, or vulnerability to open the details.
- Click Select Action.
In the Select Action dialog box, select Run FortiGate Action.
Select the app action and fill out the fields that are populated in the window.
After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.
If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.