List of predefined event handlers
FortiAnalyzer includes predefined event handlers for FortiGate and FortiCarrier devices that you can use to generate events.
Event Handler | Description |
---|---|
Application Crashed Event | Enabled by default |
Conserve Mode | Disabled by default |
Default-Botnet-Communication-Detection (Filters 1 – 5) | Disabled by default. Filter 1: Filter 2: Filter 3: Filter 4: Filter 5: |
Default-Botnet-Communication-Detection (Filters 6 – 7) | Filter 6: Filter 7: |
FOS Event Log Higher Than Warning | Enabled by default |
HA Failover | Disabled by default |
Interface Down | Disabled by default |
Interface Up | Disabled by default |
IPS - Critical Severity | Enabled by default |
IPS - High Severity | Enabled by default |
IPS - Low Severity | Disabled by default |
IPS - Medium Severity | Disabled by default |
IPsec Phase2 Down | Disabled by default |
IPsec Phase2 Up | Disabled by default |
Local Device Event | Found only in the Root ADOM. Enabled by default |
Malware Traffic Allowed By AntiVirus | Disabled by default |
Malware Traffic Allowed by FortiSandbox | Disabled by default |
Malware Traffic Blocked by AntiVirus | Disabled by default |
Malware Traffic Blocked by FortiSandbox Signature Update | Disabled by default |
Power Supply Failure | Disabled by default |
UTM Antivirus Event | Enabled by default |
UTM App Ctrl Event | Enabled by default |
UTM DLP Event | Disabled by default |
UTM Web Filter Event | Enabled by default |