1mm
Contributor

FortiAnalyzer Handlers

Hello,

 

We have deployed FortiAnalyzer in Azure and we connected several FortiGates to it. I configured "Basic Handlers" on FortiAnalyzer and enabled "Automation Stitch" because I would like to send logs to the FortiGates and then do some automation, but I'm not sure where I can see these logs on the FortiGates. And if I configured a handler wrong, will it be visible on the FortiGates, or how can I test handlers?

jasonhong
Staff

Hi,

 

The guide below will show you how to configure an automation stitch that is triggered by a FortiAnalyzer event handler, as well as how to view the trigger event log.

 

https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/176287/fortianalyzer-event-h...

1mm
Contributor

Thanks @jasonhong for your reply,

Not sure how I can combine conditions in Logs handler.png

I would like to do something like this: if the user doesn't contain, for example, "@test.com", I would like to generate some alerts.

1mm
Contributor

I did some combination, but without success 

1mm
Contributor

Hello, still waiting for help

Jack_wack
New Contributor III

1st: switch to matching any of the conditions

2nd: use only the generic text filter. Look up the related "log type" in the raw logs.

example: uid!~"test.com"

!~ means does not contain

reference: Using the Generic Text Filter

3rd: check if the handler has generated some events under FortiSOC

If not, you should read the FAZ guide, especially the part on how to create a custom handler
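
An offline preview of the filter from the reply above, added here as an example and not taken from the thread or from Fortinet: it runs uid!~"test.com" over raw log lines so you can see which ones would raise an alert and which ones do not carry the field at all. The sample log lines are constructed, and the key=value layout, the case-sensitive substring match and the handling of a missing field are assumptions of this sketch, not documented FortiAnalyzer behaviour.

```python
import re

# key=value pairs as in a raw log line; values may be quoted (assumed layout).
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Only the two "contains" forms are handled: field~"text" and field!~"text".
FILTER = re.compile(r'^\s*(\w+)\s*(!~|~)\s*"([^"]*)"\s*$')

def parse_raw_log(line):
    """Turn one raw log line into a dict of field -> value."""
    fields = {}
    for m in PAIR.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields

def parse_filter(expr):
    """Split a filter such as uid!~"test.com" into (field, operator, text)."""
    m = FILTER.match(expr)
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    return m.group(1), m.group(2), m.group(3)

def matches(expr, line):
    """True or False for the filter; None when the log lacks the field."""
    field, op, text = parse_filter(expr)
    fields = parse_raw_log(line)
    if field not in fields:
        return None  # assumption: reported separately, never an alert
    contains = text in fields[field]  # assumption: case-sensitive
    return contains if op == "~" else not contains

def preview(expr, lines):
    """Group line indexes by outcome so a wrong field name stands out."""
    out = {"alert": [], "ignored": [], "field_missing": []}
    for i, line in enumerate(lines):
        result = matches(expr, line)
        key = "field_missing" if result is None else ("alert" if result else "ignored")
        out[key].append(i)
    return out

# Constructed sample lines, not captured from a real device.
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:00 type="event" uid="alice@test.com" action="login"',
    'date=2024-05-01 time=10:01:00 type="event" uid="bob@example.org" action="login"',
    'date=2024-05-01 time=10:02:00 type="event" uid="carol@test.com" action="login"',
    'date=2024-05-01 time=10:03:00 type="event" msg="config changed"',
]

if __name__ == "__main__":
    print(preview('uid!~"test.com"', SAMPLE_LOGS))
```

If every line lands in field_missing, the field name in the filter does not match the raw logs, which is the check the 2nd step above asks for.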
