Fortinet white logo
Fortinet white logo

Administration Guide

Audit Trail

Audit Trail

FortiEDR’s audit mechanism records every user action in the FortiEDR system. System actions are not recorded. You can download the audit trail to a *.csv file for further analysis.

Each time a new audit trail is created, it can be sent through the Syslog.

To generate the audit trail:
  1. Click the TOOLS link in the left pane.
  2. In the AUDIT TRAIL area, specify the From and To dates in the respective fields.
  3. Click the Generate Audit button. A progress window displays:

  4. Click the Download link to download the audit trail to a *.csv file. An Excel file, such as the example shown below, displays:

    Each row in the audit trail file contains the following columns of information:

    Field

    Definition

    Date and TimeDisplays the date and time in the format yyyy-mm-dd hh:mm:ss.
    Sub systemDisplays the change type, such as System, Configuration, Administration, Forensics, Events, Inventory, Communication Control or Health.
    User NameDisplays the name of the user.
    DescriptionDisplays the action and/or a description.

The following actions can be audited:

  • System actions
  • Policy actions
  • Forensic actions
  • Administrative actions
  • Events
  • Inventory actions
  • System health changes

Note – If an employee’s/user’s data was removed from FortiEDR for GDPR compliance, then the affected record for that person still displays in the audit trail but shows GDPR_ANONYMIZE instead of actual user data. For example, as shown below:

Audit Trail

Audit Trail

FortiEDR’s audit mechanism records every user action in the FortiEDR system. System actions are not recorded. You can download the audit trail to a *.csv file for further analysis.

Each time a new audit trail is created, it can be sent through the Syslog.

To generate the audit trail:
  1. Click the TOOLS link in the left pane.
  2. In the AUDIT TRAIL area, specify the From and To dates in the respective fields.
  3. Click the Generate Audit button. A progress window displays:

  4. Click the Download link to download the audit trail to a *.csv file. An Excel file, such as the example shown below, displays:

    Each row in the audit trail file contains the following columns of information:

    Field

    Definition

    Date and TimeDisplays the date and time in the format yyyy-mm-dd hh:mm:ss.
    Sub systemDisplays the change type, such as System, Configuration, Administration, Forensics, Events, Inventory, Communication Control or Health.
    User NameDisplays the name of the user.
    DescriptionDisplays the action and/or a description.

The following actions can be audited:

  • System actions
  • Policy actions
  • Forensic actions
  • Administrative actions
  • Events
  • Inventory actions
  • System health changes

Note – If an employee’s/user’s data was removed from FortiEDR for GDPR compliance, then the affected record for that person still displays in the audit trail but shows GDPR_ANONYMIZE instead of actual user data. For example, as shown below: