RobertC
New Contributor II

Windows based event handlers

Hi,

I went through the built-in event handlers in FAZ and found some Windows privilege escalation handlers. Could I use them with Windows Servers without FortiClient installed? If so, is there any cookbook or docs on how to set it up?

Thanks

Robert

1 Solution
jasonhong
Staff

Event handler alerts are triggered based on the rules set. Depending on the exact type of event handler, if the event handler rule trigger is based on a certain log device type, it will require the exact logs from the specified device.

As per the sample below, the log device type is for FortiClient. Hence, only logs of the FortiClient device type will be able to trigger the event handler alerts.

Untitled.png
