Collectors
The COLLECTORS page displays a list of the previously defined Collector Groups, which can be expanded to show the FortiEDR Collectors that each contains. Additional Collector Groups can be defined by you, as described on Defining a New Collector Group. FortiEDR Collectors automatically register with the system after installation. By default, each FortiEDR Collector is added to the Collector Group called All. You can move any Collector to another Collector Group, as described on Assigning Collectors to a Collector Group.
To access this page, click the down arrow next to INVENTORY and then select Collectors, as shown below.
The default Collector Group (to which new Collectors are automatically added) is marked with a yellow group icon . You can change to a different default Collector Group by clicking the group icon of another Collector Group.
Click to expand the list and display the FortiEDR Collectors that the Collector Group contains.
The following information is provided for each Collector:
Information Field |
Description |
---|---|
Checkbox | Check this checkbox to select the Collector. You can then use one of the buttons at the top left of the window, such as the Delete button |
Collector Group Name | Specifies the name of the Collector Group to which the Collector is assigned. |
Device Name | Specifies the device name taken from the communicating device on which the FortiEDR Collector is installed. |
Last Logged |
|
OS |
|
IP |
|
MAC Address |
Specifies the physical address of the device. If a device has multiple MAC addresses, three dots (…) display. You can hover over the MAC Address to display the value (or values, in case of multiple MAC addresses) in a tooltip.
|
Version |
Specifies the version of the FortiEDR Collectors installed on the communicating device. |
State |
Specifies the current state of the FortiEDR Collector. Hovering over the STATE value pops up the last time the STATE was changed. Possible value for STATE are as follows: |
Running |
The FortiEDR Collector is up and all is well. |
Running (Autonomously) |
The core is temporarily inaccessible. Therefore, policy enforcement is performed by the FortiEDR Collector. |
Disconnected |
The device is offline, powered down or is not connected to the FortiEDR Aggregator. |
Disconnected (Expired) |
The device has not been connected for 30 or more consecutive days. Collectors in this state are not counted for licensing purposes. Note: To see the list of Collectors in this state, click the down arrow in the Search box at the top right of the window to display the following window:
Then, check the Show only devices that have not been seen for more than 30 days checkbox, and click the Search button. The Collectors area then displays only devices in the Disconnected (Expired) state. |
Pending Reboot |
After the FortiEDR Collector is installed, you may want some devices to be rebooted before the FortiEDR Collector can start running. This status means that the FortiEDR Collector is ready to run after this device is rebooted. The reboot is performed in the usual manner on the device itself. |
Disabled |
Specifies that this FortiEDR Collector was disabled in the FortiEDR Central Manager. This feature is not yet available in version 1.2. |
Degraded |
Specifies that the FortiEDR Collector is prevented from performing to its full capacity (for example, due to lack of resources on the device on which it is installed or compatibility issues). |
Last Seen |
Counts the number of days passed from the last time this Collector communicated with the Core. |