FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
kwernecke
Staff
Article Id 256963
Description This article describes our testing tool SysSanityTester and how to use it on macOS.
Scope FortiEDR.
Solution

SysSanityTester is a connectivity test tool for macOS that generates a security event on the device. If the event appears in the FortiEDR Manager, connectivity between the Collector, the Aggregator and the Manager is working.

To run SysSanityTester, follow these steps:

1) Download the SysSanity Testing Tool from the following location to the device to be tested:

https://fortinet.egnyte.com/dl/GoLbQyENhm (Password: FMuCe8iw)

2) Verify in the Console that there is an Execution Prevention policy with the Malicious File Detected rule enabled and applied to the correct group.

 


 

3) Double-click the file to execute it; this opens a Terminal window.

4) In Terminal, cd to the file's location and run: chmod +x SysSanityTester

5) In Terminal, run: ./SysSanityTester

6) A popup notification will appear on the macOS device.

7) The event will be visible in the Console.

 


 

Note:

To run the tool again on the same device, first delete the event in the Console.

 

 
