Administration Guide

Connecting to a FortiEDR-protected device

The following describes how to open a FortiEDR Connect console session that connects you directly to a FortiEDR-protected device.

To directly access a FortiEDR-protected device:
  1. A FortiEDR Connect console can be accessed from various FortiEDR pages that list devices, such as the INVENTORY tab, the FORENSICS tab, and the Threat Hunting page under the FORENSICS tab. The operation of the FortiEDR Connect console is the same regardless of where it was accessed from.
  2. Select the relevant device from the list.

    You can only connect to a single device at a time, and therefore, if you select more than one device, the Connect to Device button is deactivated.

    You can only connect to accessible devices. For example, the Connect to Device button is deactivated when you select a disconnected device.

    Note

    If the list only displays a single device, then the Connect to Device button automatically applies to that device without you needing to select it.

  3. Click the Connect to Device button at the top of the list.

    A Shell window opens in a new browser tab. You may be requested to wait while the connection is established.

    The following displays after the connection has been established:

    The name of the device is displayed in the top left corner of the page.

    The connection status and a timer are displayed in the top right corner of the page.

  4. The main part of this page shows a terminal screen (black) with a prompt (>>>) at the top left where you can type commands.

    Clicking the Help button at the top right of the terminal screen displays a list of the commands (and their parameters) that you can run. To run a command, type it (for example, %dir) with its parameters and press Enter. Note that when a parameter is a Path, the full path should be provided. For example: c:\MyDirectory or c:\MyDirectory\MyPath.

    Most of these are FortiEDR-specific commands. For example, typing %dir \ displays the following:

    In addition, you can use the %cmd command to open a command prompt view, as shown below.

    This view enables you to enter standard Microsoft terminal (cmd) commands, such as dir. For example, the following displays:

    In addition, you can run Python commands at the prompt. The supported Python version is 3.x.

    Note

    The FortiEDR Audit trail feature records the connection of a FortiEDR Connect session, but not every action that was performed in the session.
