| Action | Description | 
|---|---|
| Add Source Address to Address Group | Run this action to add the source address to a group in your FortiGate environment. If the group doesn’t exist in FortiGate, it will be created by the action from USM Anywhere | 
| Add Destination Address to Address Group | Run this action to add the destination address to a group in your FortiGate environment. If the group doesn’t exist in FortiGate, it will be created by the action from USM Anywhere | 
| Add to Custom Category | Run this action to add the source address to a group in your FortiGate environment | 
| Add to Custom Category | Run this action to include the source address, destination address, or both to a custom group in your FortiGate environment | 
| Add to Custom Category | Run this action to assign an asset, object, or item to a custom category | 
| Add Address to Address Group | Run this action to add an IP address to a predefined address group | 
| Add Address to Address Group Using Rule | Run this action to add IP address to a predefined address group based on a specified rule | 
| Add Address to Static URL Filter | Run this action to assign an address or URL to a predefined static URL filter | 
| Add Address to Static URL Filter Using Rule | Run this action to assign an address or URL to a predefined static URL filter using a specified rule | 
Note: Before launching a FortiGate response action or creating a FortiGate response action rule, the BlueApp for Fortinet FortiGate must be enabled and connected to your FortiGate instance. See Configuring the BlueApp for Fortinet FortiGate for more information.
- In USM Anywhere, go to Data Sources > BlueApps.
- Click the Available Apps tab.
- Search for the BlueApp, and then click the tile.
- Click the Actions tab to display information for the supported actions.
- Click the History tab to display information about the executed orchestration actions.
Launch Actions from USM Anywhere
When you review the information in the Alarm Details, Event Details, or Vulnerability Details, you can easily launch an action to send a request to your connected FortiGate instance to add source or destination IP address information to an existing FortiGate group. If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from an action applied to an alarm, event, or vulnerability. To launch a FortiGate response action for an alarm, event, or vulnerability- Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
- Click the alarm, event, or vulnerability to open the details.
- Click Select Action.
- In the Select Action dialog box, select Run FortiGate Action.
- Select the app action and fill out the fields that are populated in the window.
- Click Run. After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box. If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.