Fortinet black logo

New Features

Home FortiAnalyzer 7.0.0 New Features

Event handler configuration improvements 7.0.3

7.0.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID 6dd8af04-513d-11eb-b9ad-00505692583a:929018
Download PDF

Event handler configuration improvements 7.0.3

Event Handler configuration is improved to support more values for 'Group by' and to setup custom Event Type, Event Status and Indicators.

To view improvements to event handlers:
  1. Go to FortiSoC > Handlers > Event Handler List, and click Create New.
  2. FortiAnalyzer event handlers now support up to three GroupBy values in the filter settings.

    In the Event Monitor, users can enable the Group By, Group By 2, and Group By 3 columns or filter by these groups.

  3. FortiAnalyzer event handlers support customized event statuses and event types. Users can manually enter in a custom event status or type, or leave the field blank to use the default values.

    Customized event types and event statuses can be viewed from the Event Monitor.
  4. FortiAnalyzer event handlers include the Indicators field. Indicators keep track of distinct values for certain log fields chosen by the user. Each filter allows for up to five indicators, and each indicator can store up to 10 values.

    A new clickable Indicators column is available in the Event Monitor. When a user clicks on an indicator, a dialog window appears to display the details of the indicators including their name, type, and values.

    When an incident is raised from an event which includes the indicators field, you can view indicator details in the Indicators tab under the incident timeline.
Previous
Next

Event handler configuration improvements 7.0.3

Event Handler configuration is improved to support more values for 'Group by' and to setup custom Event Type, Event Status and Indicators.

To view improvements to event handlers:
  1. Go to FortiSoC > Handlers > Event Handler List, and click Create New.
  2. FortiAnalyzer event handlers now support up to three GroupBy values in the filter settings.

    In the Event Monitor, users can enable the Group By, Group By 2, and Group By 3 columns or filter by these groups.

  3. FortiAnalyzer event handlers support customized event statuses and event types. Users can manually enter in a custom event status or type, or leave the field blank to use the default values.

    Customized event types and event statuses can be viewed from the Event Monitor.
  4. FortiAnalyzer event handlers include the Indicators field. Indicators keep track of distinct values for certain log fields chosen by the user. Each filter allows for up to five indicators, and each indicator can store up to 10 values.

    A new clickable Indicators column is available in the Event Monitor. When a user clicks on an indicator, a dialog window appears to display the details of the indicators including their name, type, and values.

    When an incident is raised from an event which includes the indicators field, you can view indicator details in the Indicators tab under the incident timeline.
Previous
Next