Administration Guide

System events

Selecting SYSTEM EVENTS in the ADMINISTRATION tab displays all the system events relevant to the FortiEDR system.

Use the search bar on the top right corner to filter system events by keywords.

Use the Advanced search button to filter system events by component with a date range, which you can specify in the SEARCH SYSTEM EVENT window.

Note

System events can also be retrieved using an API command. For more details, refer to the FortiEDR RESTful API Guide. You must log in to the Fortinet Developer Network to access the guide.

Each time a system event is created, a user receives an email notification for it if that system event is enabled for the user’s Distribution lists. You can also configure Syslog to send system event messages.

The following events are defined as system events in the system:

  • Core state was changed to Disconnected (and another event when the Core state was returned to the Connected state immediately afterward)
  • Core state was changed to Degraded (and another event when the Core state was returned to the Connected state immediately afterward)
  • Aggregator state was changed to Disconnected (and another event when the Aggregator state was returned to the Connected state immediately afterward)
  • Aggregator state was changed to Degraded (and another event when the Aggregator state was returned to the Connected state immediately afterward)
  • Threat Hunting Repository state was changed to Disconnected (and another event when the Repository state was returned to the Connected state immediately afterward)
  • Threat Hunting Repository state was changed to Degraded (and another event when the Repository state was returned to the Connected state immediately afterward)
  • Collector registered for the first time (only UI/API; is not sent by email/Syslog)
  • Collector was uninstalled via the Central Manager console
  • Collector state was changed to Disconnected Expired
  • License will expire in 21 days/7 days/1 day
  • License expired
  • License capacity of workstations has reached 90/95/100%
  • License capacity of servers has reached 90/95/100%
  • System mode was changed from Prevention to Simulation or vice versa
  • FortiEDR Cloud Service (FCS) connectivity is down
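
The following is an added example, not part of the FortiEDR documentation or product: a triage script for system event messages forwarded by Syslog that pairs each Disconnected/Degraded event with its later Connected event and reports what is still open. The line layout (timestamp prefix, component names such as `core-01`) and the priority levels are assumptions of this example; only the event wording comes from the list above.

```python
import re

# Constructed sample messages. The wording follows the event list above; the
# timestamp prefix and component names (core-01, ...) are assumptions, not the
# real FortiEDR Syslog format.
SAMPLE = [
    "2024-05-01T10:00:00 Core core-01 state was changed to Disconnected",
    "2024-05-01T10:00:40 Core core-01 state was changed to Connected",
    "2024-05-01T10:05:00 Aggregator agg-01 state was changed to Degraded",
    "2024-05-01T10:07:00 System mode was changed from Prevention to Simulation",
    "2024-05-01T10:09:00 License capacity of servers has reached 95%",
    "2024-05-01T10:10:00 Threat Hunting Repository repo-01 state was changed to Disconnected",
    "2024-05-01T10:12:00 Collector state was changed to Disconnected Expired",
]

STATE = re.compile(r"(Core|Aggregator|Threat Hunting Repository)(?: (\S+))? "
                   r"state was changed to (Connected|Disconnected|Degraded)$")
MODE = re.compile(r"System mode was changed from (\w+) to (\w+)$")
CAPACITY = re.compile(r"License capacity of (workstations|servers) has reached (\d+)%$")

def triage(lines):
    """Return (alerts, unresolved): alerts are (priority, timestamp, text) tuples,
    unresolved maps a component to its last non-Connected state and time."""
    alerts, unresolved = [], {}
    for line in lines:
        ts, _, msg = line.partition(" ")
        if m := STATE.search(msg):
            key = " ".join(filter(None, m.group(1, 2)))
            if m.group(3) == "Connected":
                unresolved.pop(key, None)          # the paired "returned" event
            else:
                unresolved[key] = (m.group(3), ts)
        elif m := MODE.search(msg):
            # A move away from Prevention is the direction to review first
            # (the priority labels are this example's choice).
            alerts.append(("high" if m.group(2) == "Simulation" else "info", ts, msg))
        elif m := CAPACITY.search(msg):
            alerts.append(("high" if int(m.group(2)) >= 100 else "medium", ts, msg))
        elif "Disconnected Expired" in msg or "License expired" in msg:
            alerts.append(("medium", ts, msg))
    # Anything that never returned to Connected is still an open outage.
    for key, (state, ts) in unresolved.items():
        alerts.append(("high", ts, f"{key} still {state}"))
    return alerts, unresolved

if __name__ == "__main__":
    for alert in triage(SAMPLE)[0]:
        print(*alert)
```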
