Looking for instructions to create some custom event handlers for the following and have a notification sent to an email address:
Failed login attempts on FortiGates during specific hours.
IPSEC tunnels that are down for a specific amount of time.
FortiAnalyzer-VM64
V6.2.3 GA Build1235
Sounds like Generic Text Filter is the way to go. It allows you to match against specific text in a message. As for the timeframe, you'd have to include some logic that compares the dtime or itime fields to be > start-time & < end-time.
Older KB article but with good step-by-step instructions: https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD35256
And from the admin guide: https://docs.fortinet.com/document/fortianalyzer/6.2.3/administration-guide/157132/using-the-generic...
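
The matching logic discussed in this thread (a text match on the message plus a time-of-day comparison), as an added offline example that is not part of the original posts and is not FortiAnalyzer event handler syntax. The sample lines are constructed, and the field names (`logdesc`, `time`, `devname`, `user`, `srcip`) and the "Admin login failed" text are assumptions about the FortiGate key=value event log format; the function names are hypothetical.

```python
import shlex
from datetime import time

# Constructed sample lines in FortiGate-style key=value format (not real logs).
SAMPLE_LOGS = [
    'date=2024-03-01 time=23:41:07 devname="FGT-A" type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.7 status="failed"',
    'date=2024-03-01 time=14:02:55 devname="FGT-A" type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.7 status="failed"',
    'date=2024-03-02 time=02:15:30 devname="FGT-B" type="event" subtype="system" logdesc="Admin login successful" user="ops" srcip=192.0.2.10 status="success"',
    'date=2024-03-02 time=05:59:59 devname="FGT-B" type="event" subtype="system" logdesc="Admin login failed" user="root" srcip=203.0.113.44 status="failed"',
]

def parse_line(line):
    """Split a key=value log line into a dict; shlex keeps quoted values whole."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def in_window(t, start, end):
    """True if t is in [start, end). A window with start > end wraps past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def failed_logins_in_window(lines, start, end, text="Admin login failed"):
    """Return (date, time, device, user, source IP) for matching lines in the window."""
    hits = []
    for line in lines:
        if text not in line:  # cheap substring match first, like a text filter
            continue
        f = parse_line(line)
        # Confirm the text is in the expected field and that a time is present.
        if f.get("logdesc") != text or "time" not in f:
            continue
        if in_window(time.fromisoformat(f["time"]), start, end):
            hits.append((f.get("date"), f["time"], f.get("devname"),
                         f.get("user"), f.get("srcip")))
    return hits

if __name__ == "__main__":
    # Off-hours window 22:00-06:00, which crosses midnight.
    for hit in failed_logins_in_window(SAMPLE_LOGS, time(22, 0), time(6, 0)):
        print(hit)
```

An overnight window such as 22:00 to 06:00 cannot be expressed as a single "after start and before end" comparison on time of day, which is why `in_window` handles the wrap-around case separately.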