Administration Guide

Managing event handlers

To manage basic event handlers, go to FortiSoC/Incidents & Events > Handlers > Event Handler List.

To manage correlation event handlers, go to FortiSoC/Incidents & Events > Handlers > Correlation Handler List.

These panes list the predefined and custom event handlers. An icon in the Status column indicates if the event handler is enabled or disabled.

The following options are available:

| Option | Description |
| --- | --- |
| Create New | Create a new event handler. |
| Edit | Edit the selected event handler. Some fields in predefined event handlers cannot be modified, such as the name, description and filter settings. However, you can clone the predefined event handler to create a custom event handler and modify its settings according to your needs. |
| Delete | Delete the selected event handler. You cannot delete predefined event handlers. |
| Clone | Clone the selected event handler. You can clone a predefined event handler and modify it to create a custom event handler. |
| Enable / Disable | Enable or disable the selected event handler to start or stop generating events. The current status is indicated by an icon in the Status column. Generated events are displayed on the FortiSoC/Incidents & Events > Event Monitor > All Events pane. |
| Show Predefined | Show or hide predefined event handlers in the list. |
| Show Custom | Show or hide custom event handlers in the list. |
| Import / Export | Export the selected event handlers or import an event handler that you have exported. You can export event handlers and import them into another ADOM or FortiAnalyzer. |
| Factory Reset | If you have modified a predefined event handler, return the selected predefined event handler to its factory default settings. |
