Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.0.4
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.0.4 User Guide
    7.0.4
    7.5.1
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    Working with Event Types

    Working with Event Types

    After parsing an event or log, FortiSIEM assigns a unique event type to that event/log. When you create a new custom parser for device logs, you have to add a new event type to FortiSIEM so the log events can be identified.

    This section provides the procedure to create event types.

    Adding an Event Type

    Complete these steps to add an event:

    1. Go to ADMIN > Device Support> Event Types tab.
    2. Click New.
    3. In the Event Definition dialog box, enter the information below.

      SettingsGuidelines
      Name[Required] If the event will be used for Custom Monitoring, the Event Type name must begin with PH_DEV_MON_CUST_.

      See here for more details on Custom Monitoring.
      Device Type[Required] Select a device from the drop-down list.
      Event Type Group[Required] Select the type of group for the event.
      Severity[Required] Severity (0 - lowest) to 10 (highest).
      DescriptionDescription of the event type.
    4. Click Save.
      The new event appears in the table.
    5. Select the event(s) from the list and click Apply.

    You can also use the Clone option to duplicate and modify an existing event type.

    Modifying an Event Type

    Complete these steps to modify an event type:

    1. Select one or more event attribute(s) to edit from the list.
    2. Click the required option from the following table.
      • Edit - To modify the settings of a selected event(s).
      • Delete - To delete an event type.
    3. Click Save.
    Previous
    Next

    Working with Event Types

    Working with Event Types

    After parsing an event or log, FortiSIEM assigns a unique event type to that event/log. When you create a new custom parser for device logs, you have to add a new event type to FortiSIEM so the log events can be identified.

    This section provides the procedure to create event types.

    Adding an Event Type

    Complete these steps to add an event:

    1. Go to ADMIN > Device Support> Event Types tab.
    2. Click New.
    3. In the Event Definition dialog box, enter the information below.

      SettingsGuidelines
      Name[Required] If the event will be used for Custom Monitoring, the Event Type name must begin with PH_DEV_MON_CUST_.

      See here for more details on Custom Monitoring.
      Device Type[Required] Select a device from the drop-down list.
      Event Type Group[Required] Select the type of group for the event.
      Severity[Required] Severity (0 - lowest) to 10 (highest).
      DescriptionDescription of the event type.
    4. Click Save.
      The new event appears in the table.
    5. Select the event(s) from the list and click Apply.

    You can also use the Clone option to duplicate and modify an existing event type.

    Modifying an Event Type

    Complete these steps to modify an event type:

    1. Select one or more event attribute(s) to edit from the list.
    2. Click the required option from the following table.
      • Edit - To modify the settings of a selected event(s).
      • Delete - To delete an event type.
    3. Click Save.
    Previous
    Next