Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiEDR/XDR 5.1.0 Administration Guide
    5.1.0
    6.2.0
    6.0.0
    5.2.1
    5.2.0
    5.1.0
    5.0.0
    4.2.0
    4.1.1
    4.1.0

    System Events

    System Events

    Selecting SYSTEM EVENTS in the ADMINISTRATION tab displays all the system events relevant to the FortiEDR system.

    When a system event is triggered, it is sent via email to the defined distribution list. For more details, you may refer to Distribution Lists

    Note – System events can also be retrieved using an API command. For more details, refer to the FortiEDR RESTful API Guide.

    Each time a new system event is created, it can be sent through the Syslog.

    The following events are defined as system events in the system. The user receives a notification for each of them if that system event is enabled for the user’s distribution list. Syslog can also be configured to send system events messages, as described in Syslog.

    • Core state was changed to Disconnected (and another event when the Core state was returned to the Connected state immediately afterward)
    • Core state was changed to Degraded (and another event when the Core state was returned to THE Connected state immediately afterward)
    • Aggregator state was changed to Disconnected (and another event when the Aggregator state was returned to the Connected state immediately afterward)
    • Aggregator state was changed to Degraded (and another event when the Aggregator state was returned to the Connected state immediately afterward)
    • Threat Hunting Repository state was changed to Disconnected (and another event when the Repository state was returned to the Connected state immediately afterward).
    • Threat Hunting Repository state was changed to Degraded (and another event when the Repository state was returned to the Connected state immediately afterward).
    • Collector registered for the first time (only UI/API; is not sent by email/Syslog)
    • Collector was uninstalled via the Central Manager console.
    • Collector state was changed to Disconnected Expired.
    • License will expire in 21/7 days/1 day
    • License expired
    • License capacity of workstations has reached 90/95/100%
    • License capacity of servers has reached 90/95/100%
    • System mode was changed from Prevention to Simulation or vice versa
    • FortiEDR Cloud Service (FCS) connectivity is down
    Previous
    Next

    System Events

    System Events

    Selecting SYSTEM EVENTS in the ADMINISTRATION tab displays all the system events relevant to the FortiEDR system.

    When a system event is triggered, it is sent via email to the defined distribution list. For more details, you may refer to Distribution Lists

    Note – System events can also be retrieved using an API command. For more details, refer to the FortiEDR RESTful API Guide.

    Each time a new system event is created, it can be sent through the Syslog.

    The following events are defined as system events in the system. The user receives a notification for each of them if that system event is enabled for the user’s distribution list. Syslog can also be configured to send system events messages, as described in Syslog.

    • Core state was changed to Disconnected (and another event when the Core state was returned to the Connected state immediately afterward)
    • Core state was changed to Degraded (and another event when the Core state was returned to THE Connected state immediately afterward)
    • Aggregator state was changed to Disconnected (and another event when the Aggregator state was returned to the Connected state immediately afterward)
    • Aggregator state was changed to Degraded (and another event when the Aggregator state was returned to the Connected state immediately afterward)
    • Threat Hunting Repository state was changed to Disconnected (and another event when the Repository state was returned to the Connected state immediately afterward).
    • Threat Hunting Repository state was changed to Degraded (and another event when the Repository state was returned to the Connected state immediately afterward).
    • Collector registered for the first time (only UI/API; is not sent by email/Syslog)
    • Collector was uninstalled via the Central Manager console.
    • Collector state was changed to Disconnected Expired.
    • License will expire in 21/7 days/1 day
    • License expired
    • License capacity of workstations has reached 90/95/100%
    • License capacity of servers has reached 90/95/100%
    • System mode was changed from Prevention to Simulation or vice versa
    • FortiEDR Cloud Service (FCS) connectivity is down
    Previous
    Next