FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
YehonatanA
Staff
Article Id 368885
Description

This article describes how to export the JSON file of a security event for further investigation.

Scope

When investigating a security event, a JSON file of the event is required in addition to the event details such as the Event ID, device name, Collector version, status, and Collector logs.

Solution

Steps to export a security event JSON file.

Follow these steps to export the JSON file:

  1. Log in to the Management Console.
    • Log in to the management console with an account that has the user role required for this action.
    • Navigate to the Event Viewer tab.

    (Screenshot: Event viewer tab)

  2. Expand Event Details.
    • Locate the desired security event and select it to expand its details.
    • Select the triangle icon (next to the 'Create Exception' icon). This opens a new page displaying the RAW ID of the event.

    (Screenshot: Expand event details)

  3. Select and Export the Event.
    • Select the desired event by checking the corresponding checkbox.
    • Select Export to expand the export options and choose JSON.
    • To export JSON files for multiple events, select multiple RAW IDs and repeat these steps.

    (Screenshot: Select JSON)

  4. Attach the JSON File.
    • Attach the exported JSON file to the ticket for further investigation.

 

Additional information is available in the FortiEDR administration guide:

  • User role information: see the Users section.
  • Exporting logs for Collectors: see the Exporting logs for Collectors section.
  • Event Viewer: see the Event Viewer section.