Alerts on normalized logs 6.4.3

Event handler support for SIEM normalized logs.

To create an event handler for SIEM normalized logs:
  1. On FortiAnalyzer, go to FortiSoC > Handlers > Event Handler List, and create a new event handler.
  2. Select SIEM as the Log Device Type, and complete the other settings as you would for a normal FortiGate log-based handler definition.

    Device and subnet filters are also supported for SIEM log handlers.
    Click OK to save the event handler.

  3. Go to FortiSoC > Event Monitor > All Events to check the event list for events generated by SIEM logs.

    Double-click a log to see related logs, or right-click the log and select View Log from the context menu.

    In the context menu, select Search in Log View to see all logs associated with the event.
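
As an added illustration (not Fortinet code), the following Python model shows what a SIEM handler like the one above evaluates: a device filter, a subnet filter and field conditions applied to normalized records, with matching logs grouped into an event that keeps the ids of its related logs. The record field names, the sample records and the grouping key are assumptions for this example, not FortiAnalyzer's normalized schema.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample of SIEM-normalized records; the field names (logid, devid,
# srcip, action, severity) are assumptions, not the real normalized schema.
NORMALIZED_LOGS = [
    {"logid": 1, "devid": "FGT-HQ", "srcip": "10.1.2.3", "action": "deny", "severity": "high"},
    {"logid": 2, "devid": "FGT-HQ", "srcip": "10.1.2.3", "action": "deny", "severity": "high"},
    {"logid": 3, "devid": "FGT-BRANCH", "srcip": "10.1.2.3", "action": "deny", "severity": "high"},
    {"logid": 4, "devid": "FGT-HQ", "srcip": "192.168.5.5", "action": "deny", "severity": "high"},
    {"logid": 5, "devid": "FGT-HQ", "srcip": "10.1.2.4", "action": "accept", "severity": "low"},
]

@dataclass
class SiemEventHandler:
    name: str
    devices: set          # device filter: empty set means any device
    subnets: list         # subnet filter on srcip: empty list means any subnet
    conditions: dict      # normalized field -> required value
    events: list = field(default_factory=list)

    def _in_scope(self, log):
        """Apply the device and subnet filters before the field conditions."""
        if self.devices and log["devid"] not in self.devices:
            return False
        if self.subnets:
            ip = ipaddress.ip_address(log["srcip"])
            if not any(ip in net for net in self.subnets):
                return False
        return True

    def process(self, logs):
        """Evaluate each normalized log; matches are grouped by (devid, srcip)
        into one event that records its related log ids. Returns the events."""
        events = {}
        for log in logs:
            if not self._in_scope(log):
                continue
            if any(log.get(k) != v for k, v in self.conditions.items()):
                continue
            key = (log["devid"], log["srcip"])
            ev = events.setdefault(key, {"handler": self.name, "devid": key[0],
                                         "srcip": key[1], "related_logids": []})
            ev["related_logids"].append(log["logid"])
        self.events = list(events.values())
        return self.events
```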
