
Administration Guide

FortiEDR Connect

The FortiEDR Connect feature opens a console that provides direct access to a FortiEDR-protected device running a v5.2 Windows Collector through a remote Shell connection. This enables you to respond to incidents immediately and to perform in-depth investigation by running commands and scripts on the device, collecting and downloading forensic data from the device, remediating threats, and so on.

A FortiEDR Connect console can be accessed from various FortiEDR pages that list devices, such as the INVENTORY tab, the FORENSICS tab, and the Threat Hunting page under the FORENSICS tab.

  • A Connect to Device button appears at the top of these pages, which enables you to connect to the device that is selected in the list.
  • You can only connect to a single device in each FortiEDR Connect session. See Connecting to a FortiEDR-protected device.
  • A device can only be connected to a single session at a time.
  • Each FortiEDR user can have up to ten FortiEDR Connect sessions open and connected at the same time – each to a different device.
  • Multiple users in your organization can open up FortiEDR Connect sessions (on the FortiEDR Manager), but no more than 30 sessions can be opened at the same time.

To allow a user access to the FortiEDR Connect functionality, configure the following options. Otherwise, the Connect to Device button is deactivated for the user.

  • In ADMINISTRATION > Tools, ensure that the Allow FortiEDR Connect – Remote Shell Connection checkbox is selected, which enables the FortiEDR Connect functionality for the organization. See Tools.

  • Select the Establish FortiEDR Connect sessions checkbox in the user profile to grant the user access to the FortiEDR Connect functionality. See Users.
    Note: This checkbox is available for Admin, Analyst, and Senior Analyst users only.
