Predefined event handlers
FortiAnalyzer includes predefined event handlers for FortiGate and FortiCarrier devices that you can use to generate events. You can easily create a custom event handler by cloning a predefined event handler and customizing its settings. See Cloning event handlers.
The following is a sample of the predefined event handlers. To see all predefined event handlers, go to Event Manager > Event Monitor > Event Handler List and select Show Predefined.

Event Handler | Description |
---|---|
Application Crashed Event | Enabled by default |
Default - Sandbox-Detection | Disabled by default. Filter 1: Filter 2: Filter 3: |
Default-Compromised Host-Detection-by IOC | Disabled by default. Filter 1: Filter 2: Filter 3: |
IPS - Critical Severity | Enabled by default |
Local Device Event | Available only in the Root ADOM. Enabled by default |
UTM Antivirus Event | Enabled by default |
UTM Web Filter Event | Enabled by default |