Importing and exporting event handlers
You can import and export event handlers. This feature allows you to develop custom event handlers and deploy them in bulk to other ADOMs or FortiAnalyzer units. To do so, export the custom event handlers, and then import them into the ADOMs or FortiAnalyzer units where you want them deployed. You can also export event handlers as part of your backup procedure, if needed.
To export event handlers:
- Go to FortiSoC/Incidents & Events > Handlers > Event Handler List.
If exporting a correlation handler, go to FortiSoC/Incidents & Events > Handlers > Correlation Handler List.
- Select the event handler(s) to export, and click More > Export.
You can also right-click the event handler and select Export.
- Enable Include Data Selectors, if needed.
- Enable Include Notification Profiles, if needed.
- In the Select Export Data Type field, select Zipped, Text, or CLI.
If the data type is Zipped or Text, it will be saved as a JSON file. If the data type is CLI, it will be saved as CONF file.
- Click OK to save the export file.
To import handlers:
- Go to FortiSoC/Incidents & Events > Handlers > Event Handler List.
If importing a correlation handler, go to FortiSoC/Incidents & Events > Handlers > Correlation Handler List.
- Click More > Import.
The Import Event Handler dialog displays.
- Drag and drop the exported event handler JSON or CONF file into the import dialog, or click Browse to locate the file on the management computer.
You can import multiple event handlers at a time.
- Click OK to import the event handler(s).
If the imported event handler's name already exists, you will be asked if you want to Rename, Replace, or Skip. If you select Rename, the Unix epoch timestamp will be automatically appended to the imported event handler's name. For example, App Ctrl Event‘1544644459276775. The name can be edited as required after importing. |
If the imported file is the wrong format or has an error, the system will report an error. |