Administration Guide

System Events

Selecting SYSTEM EVENTS in the ADMINISTRATION tab displays all the system events relevant to the FortiEDR system.

When a system event is triggered, it is sent via email to the defined distribution list. For more details, refer to Distribution Lists.

Note – System events can also be retrieved using an API command. For more details, refer to the FortiEDR RESTful API Guide.

Each time a new system event is created, it can be sent through Syslog.

The following events are defined as system events in the system. The user receives a notification for each of them if that system event is enabled for the user’s distribution list. Syslog can also be configured to send system event messages, as described in Syslog.

  • Core state was changed to Disconnected (and another event when the Core state was returned to the Connected state immediately afterward)
  • Core state was changed to Degraded (and another event when the Core state was returned to the Connected state immediately afterward)
  • Aggregator state was changed to Disconnected (and another event when the Aggregator state was returned to the Connected state immediately afterward)
  • Aggregator state was changed to Degraded (and another event when the Aggregator state was returned to the Connected state immediately afterward)
  • Threat Hunting Repository state was changed to Disconnected (and another event when the Repository state was returned to the Connected state immediately afterward)
  • Threat Hunting Repository state was changed to Degraded (and another event when the Repository state was returned to the Connected state immediately afterward)
  • Collector registered for the first time (only UI/API; is not sent by email/Syslog)
  • Collector was uninstalled via the Central Manager console
  • Collector state was changed to Disconnected Expired
  • License will expire in 21 days/7 days/1 day
  • License expired
  • License capacity of workstations has reached 90/95/100%
  • License capacity of servers has reached 90/95/100%
  • System mode was changed from Prevention to Simulation or vice versa
  • FortiEDR Cloud Service (FCS) connectivity is down
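
One way to triage these events after they have been collected from Syslog or the API, as an added example (not Fortinet code): it pairs each Disconnected/Degraded event with the later Connected event, reports components that never recovered, and surfaces any switch to Simulation mode. The message wording is assumed to follow the list above and the sample records are constructed; the actual Syslog message layout is not shown on this page.

```python
import re
from datetime import datetime, timedelta

# Assumption: each event description contains the wording from the list above.
STATE_RE = re.compile(
    r"(Core|Aggregator|Threat Hunting Repository|Repository) state was "
    r"(?:changed|returned) to (?:the )?(Disconnected|Degraded|Connected)\b",
    re.IGNORECASE)
MODE_RE = re.compile(r"System mode was changed from (\w+) to (\w+)", re.IGNORECASE)

def triage(events, now, grace=timedelta(minutes=5)):
    """events: (datetime, description) pairs in time order.
    Returns findings as (kind, subject, detail, since) tuples."""
    open_faults = {}  # component -> (state, time the fault started)
    findings = []
    for ts, text in events:
        m = STATE_RE.search(text)
        if m:
            comp = m.group(1).title()
            if comp == "Repository":
                comp = "Threat Hunting Repository"
            state = m.group(2).title()
            if state == "Connected":
                open_faults.pop(comp, None)  # recovery event closes the fault
            else:
                # keep the earliest timestamp if the fault only changes kind
                since = open_faults.get(comp, (None, ts))[1]
                open_faults[comp] = (state, since)
            continue
        m = MODE_RE.search(text)
        if m and m.group(2).lower() == "simulation":
            detail = f"{m.group(1)} -> {m.group(2)}"
            findings.append(("mode-change", "System mode", detail, ts))
    for comp, (state, since) in sorted(open_faults.items()):
        if now - since >= grace:  # no Connected event arrived within the grace period
            findings.append(("unrecovered", comp, state, since))
    return findings

# Constructed sample records (not real FortiEDR output).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE = [
    (T0, "Core state was changed to Disconnected"),
    (T0 + timedelta(seconds=20), "Core state was returned to the Connected state"),
    (T0 + timedelta(minutes=1), "Aggregator state was changed to Degraded"),
    (T0 + timedelta(minutes=2), "System mode was changed from Prevention to Simulation"),
    (T0 + timedelta(minutes=3), "Collector state was changed to Disconnected Expired"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, now=T0 + timedelta(minutes=10)):
        print(finding)
```

The grace period is a local tuning choice; it separates brief state flaps, which produce a Connected event shortly afterward, from faults that need an operator.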
