Information
Default automation trigger configuration for when a high severity compromised host is detected.
Rationale:
Enabling this feature protects your environment against compromised hosts. The default automation stitch quarantines a high severity compromised host on FortiAPs, FortiSwitches, and FortiClient EMS.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
GUI
Go to Security Fabric > Automation.
Edit the stitch and change Disabled to Enabled.
CLI
config system automation-action
    edit 'Quarantine on FortiSwitch + FortiAP'
        set description 'Default automation action configuration for quarantining a MAC address on FortiSwitches and FortiAPs.'
        set action-type quarantine
    next
    edit 'Quarantine FortiClient EMS Endpoint'
        set description 'Default automation action configuration for quarantining a FortiClient EMS endpoint device.'
        set action-type quarantine-forticlient
    next
end
config system automation-trigger
    edit 'Compromised Host - High'
        set description 'Default automation trigger configuration for when a high severity compromised host is detected.'
    next
end
config system automation-stitch
    edit 'Compromised Host Quarantine'
        set description 'Default automation stitch to quarantine a high severity compromised host on FortiAPs, FortiSwitches, and FortiClient EMS.'
        set status enable
        set trigger 'Compromised Host - High'
        config actions
            edit 1
                set action 'Quarantine on FortiSwitch + FortiAP'
            next
            edit 2
                set action 'Quarantine FortiClient EMS Endpoint'
            next
        end
    next
end
Default Value:
Not enabled
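Because this check is not performed automatically, the script below is one way to verify it by hand. It is an added example, not Tenable's or Fortinet's code. The function names are hypothetical, and it assumes the input is saved output of show full-configuration system automation-stitch, so that the status line is always present.

```python
import shlex

STITCH, TRIGGER = "Compromised Host Quarantine", "Compromised Host - High"
ACTIONS = {"Quarantine on FortiSwitch + FortiAP", "Quarantine FortiClient EMS Endpoint"}
ROOT = ["system automation-stitch"]

def parse_stitches(text):
    """Map each stitch name to its status, trigger and set of action names."""
    stitches, stack, cur = {}, [], None
    for line in text.splitlines():
        try:
            tok = shlex.split(line)  # accepts 'single' and "double" quoted names
        except ValueError:           # unbalanced quote in a multi-line value
            continue
        head = tok[0] if tok else ""
        if head == "config":
            stack.append(" ".join(tok[1:]))
        elif head == "end" and stack:
            stack.pop()
        elif head == "edit" and stack == ROOT and len(tok) > 1:
            cur = stitches.setdefault(tok[1], {"actions": set()})
        elif head == "set" and cur is not None and len(tok) > 2:
            if stack == ROOT and tok[1] in ("status", "trigger"):
                cur[tok[1]] = tok[2]
            elif stack == ROOT + ["actions"] and tok[1] == "action":
                cur["actions"].add(tok[2])
    return stitches

def audit(text):
    """Return findings; an empty list means the stitch matches the benchmark."""
    s = parse_stitches(text).get(STITCH)
    if s is None:
        return [f"stitch '{STITCH}' not found"]
    findings = []
    for key, want in (("status", "enable"), ("trigger", TRIGGER)):
        if s.get(key) != want:
            findings.append(f"{key} is {s.get(key, 'not shown')}, expected {want}")
    missing = sorted(ACTIONS - s["actions"])
    if missing:
        findings.append("missing action(s): " + ", ".join(missing))
    return findings

# Constructed sample: the stitch in its default (disabled) state, as on this page.
SAMPLE = "\n".join([
    "config system automation-stitch", "edit 'Compromised Host Quarantine'",
    "set status disable", "set trigger 'Compromised Host - High'", "config actions",
    "edit 1", "set action 'Quarantine on FortiSwitch + FortiAP'", "next", "edit 2",
    "set action 'Quarantine FortiClient EMS Endpoint'", "next", "end", "next", "end"])
print(audit(SAMPLE) or "compliant")
```

A stitch that is enabled but has lost its trigger or one of its two quarantine actions is also reported, since enabling it alone would not deliver the quarantine the benchmark describes.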