Administration Guide

FortiEDR Connect

The FortiEDR Connect feature opens a console that provides direct access to a FortiEDR-protected device running a v5.2 Windows Collector through a remote Shell connection. This enables you to respond to incidents immediately and to perform in-depth investigation by running commands and scripts on the device, collecting and downloading forensic data from the device, remediating threats, and so on.

A FortiEDR Connect console can be accessed from various FortiEDR pages that list devices, such as the INVENTORY tab, the FORENSICS tab, and the Threat Hunting page under the FORENSICS tab.

  • A Connect to Device button appears at the top of these pages, which enables you to connect to the device that is selected in the list.
  • You can only connect to a single device in each FortiEDR Connect session. See Connecting to a FortiEDR-protected device.
  • A device can only be connected to a single session at a time.
  • Each FortiEDR user can have up to ten FortiEDR Connect sessions open and connected at the same time – each to a different device.
  • Multiple users in your organization can open up FortiEDR Connect sessions (on the FortiEDR Manager), but no more than 30 sessions can be opened at the same time.

To use the FortiEDR Connect feature, all of the following requirements must be met. Otherwise, the Connect to Device button is deactivated.

  • A license to use the FORENSICS feature is required in order to use the FortiEDR Connect feature. You can view your license status by selecting LICENSING in the ADMINISTRATION tab. See Licensing.
  • In ADMINISTRATION > Tools, the Allow FortiEDR Connect – Remote Shell Connection checkbox must be selected. See Tools.
  • The Authorization – Remote Connect checkbox must be selected in your user profile. See Users.
