Description
This article describes how to export a JSON file of a security event for further investigation.
Scope
When investigating a security event, in addition to event details such as Event ID, Device name, collector version, status, and collector logs, a JSON file of the event will be required.
Solution
Steps to Export a Security Event JSON File.
Follow these steps to export the JSON file:
- Log in to the Management Console.
  - Access the management console using the credentials. Make sure the user has the required user role for this action.
  - Navigate to the Event Viewer tab.
- Expand Event Details.
  - Locate the desired security event and select to expand its details.
  - Select the triangle icon (next to the 'Create Exception' icon). This will open a new page displaying the RAW ID of the event.
- Select and Export the Event.
  - Select the desired event by checking the corresponding checkbox.
  - Select Export to expand the export options and choose JSON.
  - To export JSON files for multiple events, select multiple RAW IDs and repeat the steps.
- Attach the JSON File.
  - Attach the exported JSON file to the ticket for further investigation.
Additional information is available in the FortiEDR administration guide:
- User role information:
- Exporting logs for collectors:
- Event Viewer: