Managing event handlers
To manage event handlers, go to Incidents & Events/FortiSoC > Event Monitor > Event Handler List.
FortiAnalyzer includes predefined event handlers that you can use to generate events.
This page lists both predefined and custom event handlers with a icon for enabled event handlers and a icon for disabled event handlers.
The following options are available:
Option |
Description |
---|---|
Create New |
Create a new event handler. |
Edit |
Edit the selected event handler. Some fields in predefined event handlers cannot be modified, such as the name, description and filter settings. However, you can clone a predefined event handler and customize its settings. See Cloning event handlers. |
Delete |
Delete the selected event handler. You cannot delete predefined event handlers. |
Clone |
Clone the selected event handler. You can clone a predefined event handler and modify it to create a customized event handler. |
Enable / Disable |
Enable or disable the selected event handler to start or stop generating events on the Incidents & Events/FortiSoC > Event Monitor > All Events page. |
Collapse All / Expand All |
Collapse or expand the Filters column. |
Show Predefined |
Show or hide predefined handlers in the list. |
Show Custom |
Show or hide custom handlers in the list. |
Import / Export |
Export the selected event handlers or import an event handler you have exported. You can export one or more predefined or custom event handlers and import them into another ADOM or FortiAnalyzer. |
Factory Reset |
If you have modified a predefined event handler, return the selected predefined event handler to its factory default settings. |