Would anybody be able to tell me what the differences are between the "Event Handler List" and "FortiGate Event Handlers" in FortiAnalyzer/FortiManager? The documentation is very vague on FortiGate Event Handlers. Adding a FortiGate Event Handler doesn't seem to do anything. The Event Handler List works as expected.
FortiGate event handlers

All FortiGates added to FortiAnalyzer use a default event handler on the FortiAnalyzer side to receive high severity events such as Botnet Communication, IPS Attack Pass Through, and Virus Pass Through AntiVirus. You can create custom FortiGate event handlers. The triggered event from FortiGate Event Handler is not shown in the FortiAnalyzer GUI. The events are pushed to the FortiGate for further processing.
The FGT Event Handlers are for FortiOS automation only.
Whenever the FAZ has a match in the FGT Event Handler, it informs the FGT about it and, depending on the configuration of the FGT, the FGT takes action (Quarantine, IP BAN, ...).
The FGT Events triggered by the FGT Event Handlers are not displayed in the FAZ Event Manager.