Subnet lists – FortiAnalyzer – FortiOS 6.2.3

Subnet lists

In Incidents & Events, you can define subnet lists which can be added to subnet groups.

Subnet lists and groups can be used to create a whitelist or blacklist in event handlers.

Creating a subnet list

To create a new subnet:

  1. Go to Incidents & Events > Subnet Lists.
  2. Select Create New > Subnet.
  3. Enter a name for the subnet.
  4. Select a Subnet type and configure the corresponding information. Subnet types include:
     - Subnet Notation
     - IP Range
     - Batch Add
  5. Select OK.

Once a subnet has been created, it can be edited, cloned, or deleted by highlighting it and selecting the corresponding action in the Subnet List toolbar.

Creating a subnet group

To create a subnet group:

  1. Go to Incidents & Events > Subnet List.
  2. Select Create New > Subnet Group.
  3. Enter a name for the subnet group.
  4. Select the subnet entries to be included in the group and select OK in the pop-up window.
  5. Select OK.

Once a subnet group has been created, it can be edited, cloned, or deleted by highlighting it and selecting the corresponding action in the Subnet List toolbar.

Assigning subnet filters to event handlers

You can streamline SOC processes by defining a subnet whitelist/blacklist for event handlers. These addresses can be linked to any event handler to enable or prevent it from triggering an event. Creating a subnet whitelist/blacklist for event handlers eliminates the need to specify common networks in every event handler.

To include or exclude subnets in an event handler:

  1. Go to Incidents & Events > Event Handler List.
  2. Select an event handler to edit from the list.
  3. In the Subnet category, select Specify.
  4. Choose which subnets to include or exclude by selecting them from the corresponding dropdown menu.
  5. Select OK.
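
Before entering include and exclude entries in the GUI, it helps to check that they parse cleanly and do not overlap each other. The following Python check is an added example, not FortiAnalyzer code or part of the original guide. The batch input format (one entry per line or comma-separated), the "exclude wins" precedence and the "empty include list means any address" behaviour are assumptions of this model, and all function names are hypothetical.

```python
import ipaddress

def parse_entry(text):
    """One entry -> list of networks. Accepts subnet notation or a 'first-last' IP range."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {text}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects entries with host bits set, e.g. 10.1.1.5/24
    return [ipaddress.ip_network(text, strict=True)]

def parse_batch(blob):
    """Batch input: assumed here to be one entry per line or comma-separated."""
    nets = []
    for item in blob.replace(",", "\n").splitlines():
        if item.strip():
            nets.extend(parse_entry(item))
    return nets

def overlaps(include, exclude):
    """Pairs where an include network intersects an exclude network."""
    return [(i, e) for i in include for e in exclude
            if i.version == e.version and i.overlaps(e)]

def handler_matches(ip, include, exclude):
    """Assumed semantics: exclude wins; an empty include list means 'any'."""
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in exclude):
        return False
    return not include or any(addr in n for n in include)

# Constructed sample lists (RFC 1918 / RFC 5737 addresses)
INCLUDE = parse_batch("10.20.0.0/16\n192.0.2.10-192.0.2.20")
EXCLUDE = parse_batch("10.20.30.0/24, 192.0.2.16-192.0.2.17")

if __name__ == "__main__":
    for i, e in overlaps(INCLUDE, EXCLUDE):
        print(f"overlap: include {i} / exclude {e}")
    for ip in ("10.20.1.5", "10.20.30.7", "192.0.2.12", "192.0.2.16", "172.16.0.1"):
        print(ip, handler_matches(ip, INCLUDE, EXCLUDE))
```

An overlap between the two lists is not necessarily an error, but each one is worth reviewing because it marks addresses whose handling depends on how the handler resolves the conflict.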

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
