USM Anywhere™

AlienApp for Fortinet FortiGate Orchestration

As USM Anywhere surfaces events, alarms, and vulnerabilities, you can use FortiGate actions to respond to the events in your environment. Rather than manually adding addresses in the FortiGate user interface (UI) and entering the relevant information, you can use the AlienApp for Fortinet FortiGate response actions to automatically manage your FortiGate firewall using information from your USM Anywhere environment. The table below shows the actions.

Actions for the AlienApp for Fortinet FortiGate
Action Function

Add Source Address to Address Group

Run this action to add the source address to a group in your FortiGate environment. If the group doesn't exist in FortiGate, it will be created by the action from USM Anywhere.

Add Destination Address to Address Group Run this action to add the destination address to a group in your FortiGate environment. If the group doesn't exist in FortiGate, it will be created by the action from USM Anywhere.
Add to Custom Category Run this action to add the source address to a group in your FortiGate environment.
Add to Custom Category Run this action to include the source address, destination address, or both to a custom group in your FortiGate environment.

Note: Before launching a FortiGate response action or creating a FortiGate response action rule, the AlienApp for Fortinet FortiGate must be enabled and connected to your FortiGate instance. See Configuring the AlienApp for Fortinet FortiGate for more information.

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed orchestration actions.