Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiNAC 9.4.0 Administration Guide
    9.4.0
    9.4.0
    9.2.0
    9.1.0
    8.8.0
    8.7.0
    8.6.0
    8.5.2
    8.3.0

    Add a trigger

    Add a trigger

    To verify that events are being captured, create a catch all rule to log the security events.

    1. Select Logs > Security Incidents > Triggers
    2. Click Add or select an existing security trigger and click Modify.
    3. Click in the Name field and enter a name for this security trigger.
    4. Use the table below to enter the security trigger information.
    5. Click OK to save your security rule trigger.

    Settings

    Field

    Definition

    Name

    A name for this security trigger.

    Time Limit

    The amount of time within which the incoming events must occur before satisfying the trigger.

    Filter Match

    Select whether any size subset of the security filters must be matched in order to satisfy the trigger.

    Not currently in use/In use by

    Indicates whether the trigger is in use, and the number of rules currently associated with the trigger.

    Security filters

    Frequency

    The number of times the security event must occur from the vendor in order to satisfy the trigger.

    Vendor

    The name of the vendor that is sending the security event.

    Type

    Specifies the type of security event.

    Sub Type

    Specifies the subtype of security event.

    Threat ID

    A unique identifying code supplied by the vendor for the specific type of threat or event that occurred.

    Description

    A textual description supplied by the security appliance of the event.

    Severity

    The range within which the threat level must be defined in order to satisfy the trigger.

    Number of Custom Fields

    The number of custom fields that were added to the filter.

    Add

    Click to add a filter.

    Modify

    Click to modify a selected filter.

    Delete

    Click to delete a selected filter.

    Not currently in use/In use by

    Indicates whether the action is in use, and the number of rules currently associated with the action.
    Previous
    Next

    Add a trigger

    Add a trigger

    To verify that events are being captured, create a catch all rule to log the security events.

    1. Select Logs > Security Incidents > Triggers
    2. Click Add or select an existing security trigger and click Modify.
    3. Click in the Name field and enter a name for this security trigger.
    4. Use the table below to enter the security trigger information.
    5. Click OK to save your security rule trigger.

    Settings

    Field

    Definition

    Name

    A name for this security trigger.

    Time Limit

    The amount of time within which the incoming events must occur before satisfying the trigger.

    Filter Match

    Select whether any size subset of the security filters must be matched in order to satisfy the trigger.

    Not currently in use/In use by

    Indicates whether the trigger is in use, and the number of rules currently associated with the trigger.

    Security filters

    Frequency

    The number of times the security event must occur from the vendor in order to satisfy the trigger.

    Vendor

    The name of the vendor that is sending the security event.

    Type

    Specifies the type of security event.

    Sub Type

    Specifies the subtype of security event.

    Threat ID

    A unique identifying code supplied by the vendor for the specific type of threat or event that occurred.

    Description

    A textual description supplied by the security appliance of the event.

    Severity

    The range within which the threat level must be defined in order to satisfy the trigger.

    Number of Custom Fields

    The number of custom fields that were added to the filter.

    Add

    Click to add a filter.

    Modify

    Click to modify a selected filter.

    Delete

    Click to delete a selected filter.

    Not currently in use/In use by

    Indicates whether the action is in use, and the number of rules currently associated with the action.
    Previous
    Next