Windows based event handlers

RobertC · ‎02-02-2024

Hi,

I went through built-in event handlers in FAZ and found some windows privilege escalation handlers. Could I use them with Windows Servers without Forticlient installed? If so, is there any cookbook or docs how to set it up?

Thanks

Robert

jasonhong · ‎02-02-2024

Since event handler alerts are triggered based on the rules set. Depending on which exact type of event handlers, if the event handler rule trigger is based a certain log device type, it will require the exact logs from the specified device.

As per below sample, the log device type is for FortiClient. Hence, only FortiClient device type of logs will be able to trigger the event handler alerts.

View solution in original post

jasonhong · ‎02-02-2024

Since event handler alerts are triggered based on the rules set. Depending on which exact type of event handlers, if the event handler rule trigger is based a certain log device type, it will require the exact logs from the specified device.

As per below sample, the log device type is for FortiClient. Hence, only FortiClient device type of logs will be able to trigger the event handler alerts.

Windows based event handlers

Nominate a Forum Post for Knowledge Article Creation