Fortinet black logo

New Features

Event Handler - Additional Info and Customization

Copy Link
Copy Doc ID bc40d227-4cc1-11e9-94bf-00505692583a:589781
Download PDF

Event Handler - Additional Info and Customization

You can now create custom messages in event handlers in the new Additional Info field. You can use the default information or configure a custom message. The custom message can include variables and log fields.

Use this feature to provide custom information including specific details from fields and variables.

This additional information can be included in email notifications or passed to ITMS platforms such as ServiceNow. Using this feature, you can see the event details without going into the logs.

To configure a custom event handler message:
  1. Go to Incidents > Event Monitor > Event Handler List.
  2. Create or edit a cloned event handler.
  3. In the Additional Info section, select Use custom message.

    For tips on using variables, click the question mark button.

  4. Specify the custom message, for example:

    endpoint ${srcip} launched application ${app} to ${dstip}

  5. Configure the other event handler settings and click OK.

In Incidents & Events > Event Monitor > All Events, once that endpoint launches an application and creates a log entry, you'll see the custom message in the Additional Info column.

Related Videos

sidebar video

Event Handler - Additional Info & Customization

  • 996 views
  • 5 years ago

More Links

Event Handler - Additional Info and Customization

You can now create custom messages in event handlers in the new Additional Info field. You can use the default information or configure a custom message. The custom message can include variables and log fields.

Use this feature to provide custom information including specific details from fields and variables.

This additional information can be included in email notifications or passed to ITMS platforms such as ServiceNow. Using this feature, you can see the event details without going into the logs.

To configure a custom event handler message:
  1. Go to Incidents > Event Monitor > Event Handler List.
  2. Create or edit a cloned event handler.
  3. In the Additional Info section, select Use custom message.

    For tips on using variables, click the question mark button.

  4. Specify the custom message, for example:

    endpoint ${srcip} launched application ${app} to ${dstip}

  5. Configure the other event handler settings and click OK.

In Incidents & Events > Event Monitor > All Events, once that endpoint launches an application and creates a log entry, you'll see the custom message in the Additional Info column.