
Administration Guide


Audit Trail

FortiEDR’s audit mechanism records every user action in the FortiEDR system. System actions are not recorded. You can download the audit trail to a *.csv file for further analysis.

Each time a new audit trail is created, it can be sent through Syslog.

To generate the audit trail:
  1. Click the TOOLS link in the left pane.
  2. In the AUDIT TRAIL area, specify the From and To dates in the respective fields.
  3. Click the Generate Audit button. A progress window displays:

  4. Click the Download link to download the audit trail to a *.csv file. An Excel file, such as the example shown below, displays:

    Each row in the audit trail file contains the following columns of information:

    Field | Definition
    Date and Time | Displays the date and time in the format yyyy-mm-dd hh:mm:ss.
    Sub system | Displays the change type, such as System, Configuration, Administration, Forensics, Events, Inventory, Communication Control or Health.
    User Name | Displays the name of the user.
    Description | Displays the action and/or a description.
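
The following is an added example, not part of the FortiEDR documentation or Fortinet's code: it reads a downloaded audit trail CSV, counts actions per user and sub system, and sets aside rows that show GDPR_ANONYMIZE, rows outside working hours, and rows whose timestamp does not match yyyy-mm-dd hh:mm:ss. It assumes the CSV header row uses the field names from the table above; the sample rows, the `summarize` function and the 08:00 to 18:00 working-hours window are constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumed header names, taken from the field table on this page.
COLUMNS = ("Date and Time", "Sub system", "User Name", "Description")
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # yyyy-mm-dd hh:mm:ss
ANON = "GDPR_ANONYMIZE"

# Constructed sample export; not real FortiEDR output.
SAMPLE_CSV = """Date and Time,Sub system,User Name,Description
2021-07-01 09:15:02,Administration,admin,Constructed: user logged in
2021-07-01 09:20:41,Configuration,admin,Constructed: policy setting changed
2021-07-02 23:48:10,Forensics,analyst1,Constructed: file retrieved
2021-07-03 10:02:33,Events,GDPR_ANONYMIZE,Constructed: event handled
07/04/2021 11:00,Inventory,analyst1,Constructed: row with a bad timestamp
"""


def summarize(csv_text, start_hour=8, end_hour=18):
    """Count actions per (user, sub system) and collect rows to review."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing columns: {missing}")
    counts, anonymized, off_hours, malformed = Counter(), [], [], []
    for row in reader:
        line_no = reader.line_num  # physical line in the file, header is 1
        if any(ANON in (row[c] or "") for c in COLUMNS):
            anonymized.append(line_no)  # keep out of per-user totals
        else:
            counts[(row["User Name"], row["Sub system"])] += 1
        try:
            ts = datetime.strptime(row["Date and Time"].strip(), TS_FORMAT)
        except ValueError:
            malformed.append(line_no)  # cannot be placed on a timeline
            continue
        if not start_hour <= ts.hour < end_hour:
            off_hours.append(line_no)
    return {"counts": dict(counts), "anonymized": anonymized,
            "off_hours": off_hours, "malformed": malformed}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CSV).items():
        print(key, value)
```
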

The following actions can be audited:

  • System actions
  • Policy actions
  • Forensic actions
  • Administrative actions
  • Events
  • Inventory actions
  • System health changes

Note – If an employee’s/user’s data was removed from FortiEDR for GDPR compliance, then the affected record for that person still displays in the audit trail but shows GDPR_ANONYMIZE instead of actual user data. For example, as shown below:
