Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiGate event handlers

All FortiGates added to FortiAnalyzer use a default event handler on the FortiAnalyzer side to receive high severity events such as Botnet Communication, IPS Attack Pass Through, and Virus Pass Through AntiVirus.

You can find this event handler in FortiSoC/Incidents & Events > Handlers > FortiGate Event Handlers. You can also create new FortiGate event handlers and manage them from this pane. For more information, see Creating a custom event handler.

Events generated from FortiGate event handlers are not shown in the FortiSoC/Incidents & Events > Event Monitor. Instead, the FortiAnalyzer sends a notification to the FortiGate automation framework. If an automation stitch is configured on the FortiGate, the notification will trigger the related automation stitch and activate an action in response. For example, the FortiGate could send a custom email notification, execute a CLI script, and/or perform a system action in response to the trigger. For more information about automation stitches, including their triggers and actions, see the FortGate/FortiOS Administration Guide.

Note

To receive the notifications from FortiAnalyzer on the FortiGate device, you must configure FortiAnalyzer logging on the FortiGate device.

To use the notifications as part of an automation stitch, you must configure a trigger for each FortiGate event handler on the FortiGate device, including the default FortiGate event handler (Default-Botnet-Communication-Detection).

For more information about configuring FortiAnalyzer logging and automation stitch triggers, see the FortiGate/FortiOS Administration Guide.

FortiGate event handlers

All FortiGates added to FortiAnalyzer use a default event handler on the FortiAnalyzer side to receive high severity events such as Botnet Communication, IPS Attack Pass Through, and Virus Pass Through AntiVirus.

You can find this event handler in FortiSoC/Incidents & Events > Handlers > FortiGate Event Handlers. You can also create new FortiGate event handlers and manage them from this pane. For more information, see Creating a custom event handler.

Events generated from FortiGate event handlers are not shown in the FortiSoC/Incidents & Events > Event Monitor. Instead, the FortiAnalyzer sends a notification to the FortiGate automation framework. If an automation stitch is configured on the FortiGate, the notification will trigger the related automation stitch and activate an action in response. For example, the FortiGate could send a custom email notification, execute a CLI script, and/or perform a system action in response to the trigger. For more information about automation stitches, including their triggers and actions, see the FortGate/FortiOS Administration Guide.

Note

To receive the notifications from FortiAnalyzer on the FortiGate device, you must configure FortiAnalyzer logging on the FortiGate device.

To use the notifications as part of an automation stitch, you must configure a trigger for each FortiGate event handler on the FortiGate device, including the default FortiGate event handler (Default-Botnet-Communication-Detection).

For more information about configuring FortiAnalyzer logging and automation stitch triggers, see the FortiGate/FortiOS Administration Guide.