Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dan_Dan
New Contributor

Event notification for IOC

Does anyone have any suggestions on how to add an IOC event into event management, so that I can be notified via email?

4 REPLIES 4
Dan_Dan
New Contributor

Wow, I was surprised to see that someone had the exact same question I had. Then I quickly realized it was me.

sgao_FTNT

Event management is base on single log field check, IOC is based on statistic calculation, so far it cannot be customized in event management.

chall_FTNT

But it would be an interesting idea for a new feature to build upon IOC.  To generate a new log entry (maybe a new log type called IOC) for each entry in the IOC listing.  Anyway, best to approach your Fortinet sales team (or partner) if this would be of value to you.

Chris Hall
Fortinet Technical Support
emnoc
Esteemed Contributor III

So what and how would you have a trigger for IoC in  the FAZ? Would it be purely network behavioral at that point ( volume  or number of sessions )?

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors