Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Importing and exporting event handlers

You can import and export event handlers. This feature allows you to develop custom event handlers and deploy them in bulk to other ADOMs or FortiAnalyzer units. Simply export the custom event handlers, then import them into the ADOMs or units where you want them deployed. You can also export event handlers as part of your backup procedure.

To export event handlers:
  1. Go to FortiSoC/Incidents & Events and select Handlers > Event Handler List.
  2. Select the event handler or handlers that you are exporting, then right click on one or select More from the toolbar, and click Export.

    Screenshot displayinig Incidents & Events export

  3. Save the exported JSON file to your management computer.

    Screenshot displaying export file being saved.

To import event handlers:
  1. Go to FortiSoC/Incidents & Events and select Handlers > Event Handler List.
  2. Right click in the event handler list or select More from the toolbar, and click Import.
    The Import Event Handler dialog box opens.
  3. Drag the event handler JSON file onto the import dialog box, or click Browse to locate the file on the management computer.

    Screenshot displaying imported event handler file

  4. Click OK to import the event handler or handlers.
Note

If the imported event handler's name already exists, the Unix epoch timestamp will be automatically appended to the imported handler's name, for example: App Ctrl Event‘1544644459276775. The name can be edited as required after importing.

Note

If the imported file is the wrong format or has an error, the system will report an error.

Screenshot of error message when import error has occurred.

Importing and exporting event handlers

You can import and export event handlers. This feature allows you to develop custom event handlers and deploy them in bulk to other ADOMs or FortiAnalyzer units. Simply export the custom event handlers, then import them into the ADOMs or units where you want them deployed. You can also export event handlers as part of your backup procedure.

To export event handlers:
  1. Go to FortiSoC/Incidents & Events and select Handlers > Event Handler List.
  2. Select the event handler or handlers that you are exporting, then right click on one or select More from the toolbar, and click Export.

    Screenshot displayinig Incidents & Events export

  3. Save the exported JSON file to your management computer.

    Screenshot displaying export file being saved.

To import event handlers:
  1. Go to FortiSoC/Incidents & Events and select Handlers > Event Handler List.
  2. Right click in the event handler list or select More from the toolbar, and click Import.
    The Import Event Handler dialog box opens.
  3. Drag the event handler JSON file onto the import dialog box, or click Browse to locate the file on the management computer.

    Screenshot displaying imported event handler file

  4. Click OK to import the event handler or handlers.
Note

If the imported event handler's name already exists, the Unix epoch timestamp will be automatically appended to the imported handler's name, for example: App Ctrl Event‘1544644459276775. The name can be edited as required after importing.

Note

If the imported file is the wrong format or has an error, the system will report an error.

Screenshot of error message when import error has occurred.