Fortinet Document Library

FortiAnalyzer 6.2.0 New Features: Predefined event handlers
Consolidate Event Handlers for FortiGate Security (UTM) Events

In FortiAnalyzer 6.0, several separate predefined event handlers exist for FortiGate logs. In 6.2, the newer event handler design is used to consolidate all of these handlers into a single handler with multiple filters, where each filter matches one case that previously needed its own handler.

To view the consolidated FortiGate (FGT) event handler:
  1. In FortiAnalyzer, go to Incidents & Events > Event Handler List.
  2. The previous predefined FortiGate traffic-log and UTM-log based handlers have been replaced by new, consolidated traffic and UTM log based handlers.

    Screenshot displaying updated FortiGate traffic UTM log handler

Example of a handler replacement:
  • The legacy UTM Antivirus Event handler (top-left in the example below) is now covered by the new Default-Malicious-File-Detection-By-Threat handler (right).
  • The new handler contains separate filters for the block case and the detect case. Each filter carries its own rules, event message, event severity, and event status, plus customized additional information that is attached to the generated event.

    Screenshot comparing legacy and new UTM handlers
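The following is an added example, not FortiAnalyzer code, that models the "one handler, multiple filters" design described above: a handler holds a list of filters, each filter has its own match rules, event message, severity and status, and constructed FortiGate-style key=value antivirus log lines are run through it. The log field names (type, subtype, action, level, virus, filename, srcip) follow the FortiGate key=value log convention; the filter names, severities, statuses, and message templates are assumptions chosen for illustration, and real FortiAnalyzer handlers add match thresholds and grouping that this model omits.

```python
"""Model of a consolidated event handler with per-case filters (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# key=value pairs; values are either "quoted" (may contain spaces) or bare tokens
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fgt_log(line: str) -> dict:
    """Parse a FortiGate-style key=value log line into a dict of strings."""
    return {key: (quoted or bare) for key, quoted, bare in KV_RE.findall(line)}


@dataclass(frozen=True)
class HandlerFilter:
    name: str        # filter name (assumption, for illustration)
    match: dict      # rules: every key/value pair must equal the log field
    severity: str    # event severity assigned to events from this filter
    status: str      # event status assigned to events from this filter
    message: str     # event message template using {log_field} placeholders


@dataclass
class EventHandler:
    name: str
    filters: list

    def evaluate(self, record: dict):
        """Return the first filter whose rules all match the record, else None."""
        for flt in self.filters:
            if all(record.get(k) == v for k, v in flt.match.items()):
                return flt
        return None


# Handler name taken from the page; the two filters mirror its block/detect split.
MALICIOUS_FILE_HANDLER = EventHandler(
    name="Default-Malicious-File-Detection-By-Threat",
    filters=[
        HandlerFilter(
            name="Malicious File Blocked",
            match={"type": "utm", "subtype": "virus", "action": "blocked"},
            severity="Medium", status="Mitigated",   # blocked: already contained
            message="Malware Blocked: {virus} in {filename} from {srcip}",
        ),
        HandlerFilter(
            name="Malicious File Detected",
            match={"type": "utm", "subtype": "virus", "action": "monitored"},
            severity="High", status="Unhandled",     # only logged: needs follow-up
            message="Malware Detected: {virus} in {filename} from {srcip}",
        ),
    ],
)

# Constructed sample logs (not captured from a device).
SAMPLE_LOGS = [
    'date=2019-06-01 time=10:15:02 logid="0211008192" type="utm" subtype="virus" '
    'eventtype="infected" level="warning" srcip=10.1.1.20 dstip=203.0.113.8 '
    'action="blocked" service="HTTP" virus="EICAR_TEST_FILE" filename="eicar.com" '
    'msg="File is infected."',
    'date=2019-06-01 time=10:16:40 logid="0211008192" type="utm" subtype="virus" '
    'eventtype="infected" level="warning" srcip=10.1.1.21 dstip=203.0.113.9 '
    'action="monitored" service="HTTP" virus="EICAR_TEST_FILE" filename="eicar2.com" '
    'msg="File is infected."',
    # traffic log: must not produce an event from this handler
    'date=2019-06-01 time=10:17:00 logid="0000000013" type="traffic" subtype="forward" '
    'level="notice" srcip=10.1.1.22 dstip=203.0.113.10 action="accept" service="HTTPS"',
]


def generate_events(handler: EventHandler, lines) -> list:
    """Run log lines through the handler; one event per matching line."""
    events = []
    for line in lines:
        record = parse_fgt_log(line)
        flt = handler.evaluate(record)
        if flt is None:
            continue
        fields = defaultdict(lambda: "-", record)   # missing fields render as "-"
        events.append({
            "handler": handler.name,
            "filter": flt.name,
            "severity": flt.severity,
            "status": flt.status,
            "message": flt.message.format_map(fields),
            # customized additional info attached to the event
            "additional_info": {k: fields[k] for k in ("srcip", "dstip", "virus", "filename")},
        })
    return events


if __name__ == "__main__":
    for ev in generate_events(MALICIOUS_FILE_HANDLER, SAMPLE_LOGS):
        print(f'[{ev["severity"]}/{ev["status"]}] {ev["filter"]}: {ev["message"]}')
```

The point of the split is visible in the output: the blocked file and the merely monitored file are the same log type, but the second filter assigns a higher severity and an unhandled status because nothing stopped the transfer, which is exactly what a single legacy "Antivirus Event" handler could not express.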

Example of an event generated by the new Default-Malicious-File-Detection-By-Threat handler from an antivirus log, with the event message Malware Blocked.

Screenshot of new UTM malicious file handler alert

Example of an event generated by the legacy UTM Antivirus Event handler from the same antivirus log, with the event message Malware Blocked.

Screenshot displaying legacy UTM AV handler alert
