AlienVault® USM Anywhere™

AlienApp for Fortinet FortiGate Orchestration

As USM Anywhere surfaces events, alarms, and vulnerabilities, you can use FortiGate actions to respond to the events in your environment. Rather than manually adding addresses in the FortiGate user interface (UI) and entering the relevant information, you can use the AlienApp for Fortinet FortiGate response actions to automatically manage your FortiGate firewall using information from your USM Anywhere environment. The table below shows the actions.

Example of alarms generated from the FortiGate AlienApp

| Action | Function |
| --- | --- |
| Add Source Address to Address Group | Run this action to add the source address to a group in your FortiGate environment. |
| Add Destination Address to Address Group | Run this action to add the destination address to a group in your FortiGate environment. |
| Add to Custom Category | Run this action to add the source address to a group in your FortiGate environment. |
| Add to Custom Category | Run this action to include the source address, destination address, or both in a custom group in your FortiGate environment. |

Note: Before launching a FortiGate response action or creating a FortiGate response action rule, the AlienApp for Fortinet FortiGate must be enabled and connected to your FortiGate instance. See Configuring the AlienApp for Salesforce for more information.

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

  3. On the AlienApps page, click the FortiGate tile.

  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed actions.