Consolidate Event Handlers for FortiGate Security (UTM) Events
In 6.0, FortiGate had several separate predefined event handlers. In 6.2, the latest event handler design consolidates all of them into a single handler with multiple filters.
To view the consolidated FGT event handler:
- In FortiAnalyzer, go to Incidents & Events > Event Handler List.
- The previous predefined handlers based on FortiGate traffic and UTM logs have been replaced by new, consolidated traffic and UTM log based handlers.
Example of handler replacement:
- The legacy UTM Antivirus Event handler is now covered by the new Default-Malicious-File-Detection-By-Threat handler.
- The new handler has separate filters for the block and detect cases (each with its own rules, event message, event severity and event status), plus customized additional information.
Example of an event generated by the new Default-Malicious-File-Detection-By-Threat handler with the AV log: Malware Blocked.
Example of an event generated by the legacy UTM Antivirus Event handler with the AV log: Malware Blocked.
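As an added illustration (not FortiAnalyzer code, and not the real configuration of this handler), the following Python sketches the consolidated design: one handler object carrying separate filters for the blocked and detected cases, each with its own rule, event message, severity and status, run over constructed FortiGate-style AV log lines. The log field names, severity labels and status labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed FortiGate-style AV log lines (key="value"); field names follow the
# usual FortiGate log layout, but every value here is made up for this example.
SAMPLE_LOGS = [
    'type="utm" subtype="virus" action="blocked" virus="EICAR_TEST_FILE" srcip="10.0.0.5"',
    'type="utm" subtype="virus" action="monitored" virus="EICAR_TEST_FILE" srcip="10.0.0.7"',
    'type="traffic" subtype="forward" action="accept" srcip="10.0.0.5" dstip="198.51.100.1"',
]
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_log(line):
    """Turn one key="value" log line into a dict."""
    return dict(KV_RE.findall(line))

@dataclass
class Filter:
    """One filter of a consolidated handler: a match rule plus the event it raises."""
    name: str
    rule: dict      # every listed field must equal the given value
    message: str
    severity: str   # assumed severity labels, not FortiAnalyzer's exact set
    status: str     # assumed status labels (e.g. mitigated vs. unhandled)

    def matches(self, log):
        return all(log.get(k) == v for k, v in self.rule.items())

@dataclass
class Handler:
    """One handler holding several filters; the first matching filter wins."""
    name: str
    filters: list

    def evaluate(self, log):
        for f in self.filters:
            if f.matches(log):
                return {"handler": self.name, "filter": f.name, "event": f.message,
                        "severity": f.severity, "status": f.status,
                        "virus": log.get("virus"), "srcip": log.get("srcip")}
        return None

# Hypothetical consolidated handler with separate block and detect filters.
MALICIOUS_FILE_HANDLER = Handler("Default-Malicious-File-Detection-By-Threat", [
    Filter("blocked", {"subtype": "virus", "action": "blocked"}, "Malware Blocked", "high", "mitigated"),
    Filter("detected", {"subtype": "virus", "action": "monitored"}, "Malware Detected", "critical", "unhandled"),
])

def run_handler(handler, lines):
    """Parse each log line, run it through the handler, keep the raised events."""
    return [e for e in (handler.evaluate(parse_log(l)) for l in lines) if e]
```

The traffic log line produces no event, which is the point of scoping each filter by log subtype and action rather than keeping one handler per log type.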