What is the purpose of using prefilters when configuring event handlers?
Prefilters limit which logs are checked for matches by the other filters. They are applied before all other configured filters and conditions, effectively acting as exclusion filters.
You can also add a prefilter, which is a common filter that will be applied before all other ones configured. The conditions on the prefilter can then be used to limit which logs will be checked for matches by the other filters. Because of that, they are also known as exclusion filters.
Reference: FortiAnalyzer Analyst Study Guide for FortiAnalyzer 7.2, page 106