Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RobertC
New Contributor II

Windows based event handlers

Hi,

I went through built-in event handlers in FAZ and found some windows privilege escalation handlers. Could I use them with Windows Servers without Forticlient installed? If so, is there any cookbook or docs how to set it up?

 

Thanks

Robert

1 Solution
jasonhong
Staff
Staff

Since event handler alerts are triggered based on the rules set. Depending on which exact type of event handlers, if the event handler rule trigger is based a certain log device type, it will require the exact logs from the specified device.

 

As per below sample, the log device type is for FortiClient. Hence, only FortiClient device type of logs will be able to trigger the event handler alerts.

Untitled.png

View solution in original post

1 REPLY 1
jasonhong
Staff
Staff

Since event handler alerts are triggered based on the rules set. Depending on which exact type of event handlers, if the event handler rule trigger is based a certain log device type, it will require the exact logs from the specified device.

 

As per below sample, the log device type is for FortiClient. Hence, only FortiClient device type of logs will be able to trigger the event handler alerts.

Untitled.png

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors