Skip to main content
juanc
juanc
Explorer
October 22, 2025
Solved

Show incidents that were not blocked

  • October 22, 2025
  • 1 reply
  • 280 views

Hello,

 

I am a monitoring analyst, and I have access to FAZ1000F v7.6.3.

 

When I go to “Incidents & Events,” I find a large number of incidents, but when I take the source IP of these events and go to “Log View,” I find that the event was blocked by the firewall.

 

I understand that for FAZ it is an incident even if it has been contained, but it generates noise for me. I am interested in seeing only the incidents that were not blocked. Is this possible?

 

If so, how can I do it?

 

Thank you.

 

 

Best answer by filiaks1

What about clonning the event handler and making your own that makes incidents for logs that are for not blocked attacks ?

 

Raising an incident | FortiAnalyzer 7.6.4 | Fortinet Document Library

Creating a custom event handler | FortiAnalyzer 7.6.4 | Fortinet Document Library

1 reply

filiaks1
filiaks1Answer
Explorer III
October 23, 2025

What about clonning the event handler and making your own that makes incidents for logs that are for not blocked attacks ?

 

Raising an incident | FortiAnalyzer 7.6.4 | Fortinet Document Library

Creating a custom event handler | FortiAnalyzer 7.6.4 | Fortinet Document Library

    Terms & ConditionsAccessibility statement