This feature enhancement allows you to configure pre-filters for all available log fields in the Event Handlers without using the Generic Text Filter for each filter. This improves the accuracy of the allowlist in the alerts and simplifies Event Handler configuration.
Before this feature enhancement was implemented, you could only configure allowlist filters per Device Type and Log Type within each filter by editing the Generic Text Filter field. The Generic Text Filter field is still available for use.
- Go to FortiSOC > Handlers > Event Handler List.
- In the toolbar, click Create New. The Create New Handler window opens.
- Click Add Pre-Filter. The Pre-Filter dialog opens.
- Configure the pre-filter settings, and click OK.
- Click the Add icon (+) to add another pre-filter.
You can only configure one pre-filter for the same Device Type and Log Type. Configuring more than one pre-filter for the same Device Type and Log Type may cause unexpected behavior.