Event handler support for SIEM normalized logs.
- On FortiAnalyzer, go to FortiSoC > Handlers > Event Handler List, and create a new event handler.
- Select SIEM in the Log Device Type, and complete the other settings like a normal FortiGate log based handler definition.
Device and subnet filters are also supported for SIEM log handlers.
Click OK to save the event handler.
- Go to FortiSoC > Event Monitor > All Events to check the event list for events generated by SIEM logs.
Double-click a log to see related logs, or right click the log and select View Log from the context menu.
In the context menu, select Search in Log View to see all logs associated with the event.