Fortinet Document Library

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

FortiAI report and event handler 7.0.2

FortiAnalyzer 7.0.2 adds a Factory-default FortiAI Breach Prevention Report and a FortiAI Malware Detection Event Handler.

To view FortiAI event handlers:
  1. Go to FortiSoC > Handlers > Event Handler List.
    The Default-FAI-Malware-Detection-By-FAI device handler is added and is disabled by default.
  2. Right click on the event handler and select Enable.

  3. The default FortiAI event handler detects FortiAI attack logs and generates alerts when there are malware logs that exactly matches over 1440 minutes.
  4. You can view generated alerts in Event Monitor > All Events.
To manage FortiAI reports:
  1. Go to Report > Report Definitions > Chart Library.
    Multiple FortiAI charts have been added.
  2. Go to Report > Report Definitions > Macro Library.
    Macros have been added for FortiAI files Accept/Detected/Processed.

  3. Go to Report > Report Definitions > Datasets.
    Datasets have been added for FortiAI Attack and Event logs.
  4. Go to Report > Report Definitions > All Reports.
    A new folder has been created for FortiAI devices with a default report called FortiAI Breach Prevention Report. You can right click to edit, clone, delete, or run the report.

    The report can be run and generated in a HTML, PDF, XML, and CSV format, which can be viewed from Reports > Generated Reports.

    Below is an example report.



FortiAI report and event handler 7.0.2

FortiAnalyzer 7.0.2 adds a Factory-default FortiAI Breach Prevention Report and a FortiAI Malware Detection Event Handler.

To view FortiAI event handlers:
  1. Go to FortiSoC > Handlers > Event Handler List.
    The Default-FAI-Malware-Detection-By-FAI device handler is added and is disabled by default.
  2. Right click on the event handler and select Enable.

  3. The default FortiAI event handler detects FortiAI attack logs and generates alerts when there are malware logs that exactly matches over 1440 minutes.
  4. You can view generated alerts in Event Monitor > All Events.
To manage FortiAI reports:
  1. Go to Report > Report Definitions > Chart Library.
    Multiple FortiAI charts have been added.
  2. Go to Report > Report Definitions > Macro Library.
    Macros have been added for FortiAI files Accept/Detected/Processed.

  3. Go to Report > Report Definitions > Datasets.
    Datasets have been added for FortiAI Attack and Event logs.
  4. Go to Report > Report Definitions > All Reports.
    A new folder has been created for FortiAI devices with a default report called FortiAI Breach Prevention Report. You can right click to edit, clone, delete, or run the report.

    The report can be run and generated in a HTML, PDF, XML, and CSV format, which can be viewed from Reports > Generated Reports.

    Below is an example report.