Working with Event Types
After parsing an event or log, FortiSIEM assigns a unique event type to that event/log. When you create a new custom parser for device logs, you have to add a new event type to FortiSIEM so the log events can be identified.
This section provides the procedure to create event types.
Adding an event type
Follow the procedure below to add an event:
- Go to ADMIN > Device Support> Event tab.
- Click New.
- In the Event Type Definition dialog box, enter the information below.
Settings Guidelines Name [Required] Event type name - must begin with "PH_DEV_MON_CUST_" Display Name [Required] Display name of the event type Event Type Group [Required] Select the type of group for the event Severity [Required] Severity (0 - lowest) to 10 (highest) Description Description of the event type - Click Save.
The new event appears in the table. - Select the event(s) from the list and click Apply.
Modifying an event type
Follow the procedure below to modify an event type:
- Select one or more event attribute(s) to edit from the list.
- Click the required option from the following table.
- Edit - To modify the settings of a selected event(s).
- Delete - To delete an event.
- Clone - To duplicate an event.
- Click Save.
Copyright © 2020 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy
