Consolidate Event Handlers for FortiGate Security (UTM) Events

In 6.0, several separate predefined event handlers exist for FortiGate. In 6.2, the latest event handler design is used to consolidate all of these handlers into a single handler with multiple filters.

To view the consolidated FGT event handler:
  1. In FortiAnalyzer, go to Incidents & Events > Event Handler List.
  2. The previous predefined FortiGate traffic and UTM log-based handlers have been replaced by new consolidated traffic and UTM log-based handlers.

    Screenshot displaying updated FortiGate traffic UTM log handler

Example of handler replacement:
  • The legacy UTM Antivirus Event handler (top-left in the example below) is now covered by the new Default-Malicious-File-Detection-By-Threat handler (right).
  • The new handler includes different filters for block and detect cases (rules, event message, event severity, event status), and customized additional info.

    Screenshot comparing legacy and new UTM handlers
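To make the "one handler, several filters" design concrete, the following is an added Python model of a consolidated handler evaluating block and detect filters over FortiGate-style AV log lines; it is illustrative code written for this page, not Fortinet's handler definition. The log field names (type, subtype, action, virus, srcip, dstip) are assumed from FortiGate UTM logging, the sample log values are constructed, and the severities chosen per filter are an example only.

```python
import re
from dataclasses import dataclass

# Constructed FortiGate-style AV and traffic log lines (key=value pairs, as a
# FortiAnalyzer handler would see them). Values are made up for this example.
SAMPLE_LOGS = [
    'date=2024-01-09 time=10:00:01 type="utm" subtype="virus" level="warning" '
    'action="blocked" virus="EICAR_TEST_FILE" srcip=10.0.0.5 dstip=203.0.113.10',
    'date=2024-01-09 time=10:00:02 type="utm" subtype="virus" level="warning" '
    'action="monitored" virus="Trojan.Generic" srcip=10.0.0.6 dstip=203.0.113.11',
    'date=2024-01-09 time=10:00:03 type="traffic" subtype="forward" level="notice" '
    'action="accept" srcip=10.0.0.7 dstip=203.0.113.12',
]

# Matches key="quoted value" or key=bare_value.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

def parse_log(line):
    """Parse a key=value FortiGate log line into a dict (quotes stripped)."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in KV_RE.finditer(line)}

@dataclass
class Filter:
    name: str       # filter (rule) name inside the consolidated handler
    match: dict     # log field values that must all be present for a match
    severity: str   # event severity assigned when this filter matches
    message: str    # event message template, formatted with log fields

@dataclass
class Handler:
    name: str
    filters: list

    def evaluate(self, logs):
        """Run every filter over every parsed log; first matching filter wins."""
        events = []
        for log in logs:
            for f in self.filters:
                if all(log.get(k) == v for k, v in f.match.items()):
                    events.append({"handler": self.name, "filter": f.name,
                                   "severity": f.severity,
                                   "message": f.message.format(**log),
                                   # customized additional info pulled from the log
                                   "additional_info": {k: log.get(k)
                                                       for k in ("virus", "srcip", "dstip")}})
                    break
        return events

# One consolidated handler with a block filter and a detect filter (example config).
MALICIOUS_FILE_HANDLER = Handler("Default-Malicious-File-Detection-By-Threat", [
    Filter("block", {"subtype": "virus", "action": "blocked"}, "medium",
           "Malware Blocked: {virus} from {srcip}"),
    Filter("detect", {"subtype": "virus", "action": "monitored"}, "high",
           "Malware Detected (not blocked): {virus} from {srcip}"),
])

def run(lines=SAMPLE_LOGS):
    """Parse the sample logs and return the events the handler generates."""
    return MALICIOUS_FILE_HANDLER.evaluate([parse_log(l) for l in lines])
```

The traffic log produces no event, while the two AV logs each hit a different filter of the same handler and receive their own severity and message.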

Example of an event generated by the new Default-Malicious-File-Detection-By-Threat handler with the AV log: Malware Blocked.

Screenshot of new UTM malicious file handler alert

Example of an event generated by the legacy UTM Antivirus Event handler with the AV log: Malware Blocked.

Screenshot displaying legacy UTM AV handler alert