Administration Guide

Audit trail

FortiEDR’s audit mechanism records every user action in the FortiEDR system. System actions are not recorded. You can download the audit trail to a CSV file for further analysis.

Each time a new audit trail is created, it can be sent through Syslog.

To generate the audit trail:
  1. Click the TOOLS link in the left pane.
  2. In the AUDIT TRAIL area, specify the From and To dates in the respective fields.
  3. Click the Generate Audit button. A progress window displays:

  4. Click the Download link to download the audit trail to a CSV file or spreadsheet, such as the example shown below:

    Each row in the audit trail file contains the following columns of information:

    | Field | Definition |
    |---|---|
    | Date and Time | Displays the date and time in the format yyyy-mm-dd hh:mm:ss. |
    | Sub system | Displays the change type, such as System, Configuration, Administration, Forensics, Events, Inventory, Communication Control or Health. |
    | User Name | Displays the name of the user. |
    | Description | Displays the action and/or a description. |

The following actions can be audited:

  • Policy actions
  • Forensic actions
  • Administrative actions
  • Events
  • Inventory actions
  • System health changes
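The following Python is an added example, not taken from the FortiEDR guide: it reads a downloaded audit trail CSV, checks the timestamp format documented above, tallies actions per user and subsystem, and sets aside rows carrying the GDPR_ANONYMIZE marker described in the note on this page. The header names are assumed to match the column names listed above, and the sample rows (including their descriptions) are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumption: the CSV header uses the column names listed in the guide.
COLUMNS = ["Date and Time", "Sub system", "User Name", "Description"]
ANON_MARKER = "GDPR_ANONYMIZE"

# Constructed sample export (not real FortiEDR output).
SAMPLE_CSV = """Date and Time,Sub system,User Name,Description
2024-03-01 09:12:44,Administration,alice,Created user bob
2024-03-01 09:15:02,Configuration,alice,"Changed policy, set mode to Prevention"
2024-03-02 18:40:10,Forensics,GDPR_ANONYMIZE,Retrieved file from device GDPR_ANONYMIZE
03/02/2024 19:00,Events,bob,Marked event as handled
"""

def summarize(text):
    """Return (counts per (user, subsystem), anonymized rows, rejected line numbers)."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing columns: {missing}")
    counts, anonymized, rejected = Counter(), [], []
    for row in reader:
        field = {c: (row[c] or "").strip() for c in COLUMNS}
        try:
            # Documented format: yyyy-mm-dd hh:mm:ss
            when = datetime.strptime(field["Date and Time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            rejected.append(reader.line_num)  # keep for manual review, do not guess
            continue
        if any(ANON_MARKER in value for value in field.values()):
            # Identity was removed; record the row but attribute it to no user.
            anonymized.append((when, field["Sub system"]))
            continue
        counts[(field["User Name"], field["Sub system"])] += 1
    return counts, anonymized, rejected

if __name__ == "__main__":
    counts, anonymized, rejected = summarize(SAMPLE_CSV)
    for (user, subsystem), n in sorted(counts.items()):
        print(f"{user:10} {subsystem:15} {n}")
    print("anonymized rows:", len(anonymized), "| rejected lines:", rejected)
```
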

Note: If an employee’s/user’s data was removed from FortiEDR for GDPR compliance, then the affected record for that person still displays in the audit trail but shows GDPR_ANONYMIZE instead of actual user data. For example, as shown below: