FortiAnalyzer event handler trigger

You can trigger automation stitches based on FortiAnalyzer event handlers. This allows you to define rules based on complex correlations across devices, log types, frequencies, and other criteria.

To set up a FortiAnalyzer event handler trigger:

  1. Configure a FortiGate event handler on the FortiAnalyzer.
  2. Configure FortiAnalyzer logging on the FortiGate.
  3. Configure an automation stitch that is triggered by a FortiAnalyzer event handler.

Configure a FortiGate event handler on the FortiAnalyzer

On the FortiAnalyzer, configure an event handler for the automation stitch. In this example, the event handler is triggered when an administrator logs in to the FortiGate. See Creating a custom event handler in the FortiAnalyzer Administration Guide for more information.

To configure an event handler on the FortiAnalyzer:
  1. Go to FortiSoC > Handlers > FortiGate Event Handlers, and click Create New.
  2. Configure an event handler with two conditions for the automation stitch:

    Log Type