Fortinet black logo

Administration Guide

Add a trigger

Copy Link
Copy Doc ID 825689eb-200d-11e9-b6f6-f8bc1258b856:316039
Download PDF

Add a trigger

Note

To verify that events are being captured, create a “Catch All” rule to log the security events.

  1. Select Policy > Policy Configuration.
  2. In the menu on the left expand Security Rules.
  3. Click Triggers.
  4. Click the Add button or select an existing security trigger and click Modify.
  5. Click in the Name field and enter a name for this security trigger.
  6. Use the table below to enter the security trigger information.
  7. Click OK to save your security rule trigger.

Settings

Field

Definition

Name

A name for this security trigger.

Time Limit

The amount of time within which the incoming events must occur before satisfying the trigger.

Filter Match

Select whether any size subset of the security filters must be matched in order to satisfy the trigger.

Not currently in use/In use by

Indicates whether the trigger is in use, and the number of rules currently associated with the trigger.

Security filters

Frequency

The number of times the security event must occur from the vendor in order to satisfy the trigger.

Vendor

The name of the vendor that is sending the security event.

Type

Specifies the type of security event.

Sub Type

Specifies the subtype of security event.

Threat ID

A unique identifying code supplied by the vendor for the specific type of threat or event that occurred.

Description

A textual description supplied by the security appliance of the event.

Severity

The range within which the threat level must be defined in order to satisfy the trigger.

Number of Custom Fields

The number of custom fields that were added to the filter.

Add button

Click to add a filter.

Modify button

Click to modify a selected filter.

Delete button

Click to delete a selected filter.

Not currently in use/In use by

Indicates whether the action is in use, and the number of rules currently associated with the action.

Add a trigger

Note

To verify that events are being captured, create a “Catch All” rule to log the security events.

  1. Select Policy > Policy Configuration.
  2. In the menu on the left expand Security Rules.
  3. Click Triggers.
  4. Click the Add button or select an existing security trigger and click Modify.
  5. Click in the Name field and enter a name for this security trigger.
  6. Use the table below to enter the security trigger information.
  7. Click OK to save your security rule trigger.

Settings

Field

Definition

Name

A name for this security trigger.

Time Limit

The amount of time within which the incoming events must occur before satisfying the trigger.

Filter Match

Select whether any size subset of the security filters must be matched in order to satisfy the trigger.

Not currently in use/In use by

Indicates whether the trigger is in use, and the number of rules currently associated with the trigger.

Security filters

Frequency

The number of times the security event must occur from the vendor in order to satisfy the trigger.

Vendor

The name of the vendor that is sending the security event.

Type

Specifies the type of security event.

Sub Type

Specifies the subtype of security event.

Threat ID

A unique identifying code supplied by the vendor for the specific type of threat or event that occurred.

Description

A textual description supplied by the security appliance of the event.

Severity

The range within which the threat level must be defined in order to satisfy the trigger.

Number of Custom Fields

The number of custom fields that were added to the filter.

Add button

Click to add a filter.

Modify button

Click to modify a selected filter.

Delete button

Click to delete a selected filter.

Not currently in use/In use by

Indicates whether the action is in use, and the number of rules currently associated with the action.