Fortinet Document Library

Version:


Table of Contents

Related Videos

Event Handler - Additional Info & Customization

  • 128 views
  • 6 months ago

More Links

Creating a custom event handler

New Features

6.2.0
Download PDF
Copy Link

Event Handler - Additional Info and Customization

You can now create custom messages in event handlers in the new Additional Info field. You can use the default information or configure a custom message. The custom message can include variables and log fields.

Use this feature to provide custom information including specific details from fields and variables.

This additional information can be included in email notifications or passed to ITMS platforms such as ServiceNow. Using this feature, you can see the event details without going into the logs.

To configure a custom event handler message:
  1. Go to Incidents > Event Monitor > Event Handler List.
  2. Create or edit a cloned event handler.
  3. In the Additional Info section, select Use custom message.

    For tips on using variables, click the question mark button.

  4. Specify the custom message, for example:

    endpoint ${srcip} launched application ${app} to ${dstip}

  5. Configure the other event handler settings and click OK.

In Incidents & Events > Event Monitor > All Events, once that endpoint launches an application and creates a log entry, you'll see the custom message in the Additional Info column.

Related Videos

Event Handler - Additional Info & Customization

  • 128 views
  • 6 months ago

More Links

Event Handler - Additional Info and Customization

You can now create custom messages in event handlers in the new Additional Info field. You can use the default information or configure a custom message. The custom message can include variables and log fields.

Use this feature to provide custom information including specific details from fields and variables.

This additional information can be included in email notifications or passed to ITMS platforms such as ServiceNow. Using this feature, you can see the event details without going into the logs.

To configure a custom event handler message:
  1. Go to Incidents > Event Monitor > Event Handler List.
  2. Create or edit a cloned event handler.
  3. In the Additional Info section, select Use custom message.

    For tips on using variables, click the question mark button.

  4. Specify the custom message, for example:

    endpoint ${srcip} launched application ${app} to ${dstip}

  5. Configure the other event handler settings and click OK.

In Incidents & Events > Event Monitor > All Events, once that endpoint launches an application and creates a log entry, you'll see the custom message in the Additional Info column.