Help
FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
Ahmed_Mohamed
Staff
Staff

Created on ‎07-29-2024 06:13 AM

Article Id 328493

Technical Tip: How to use FortiEDR Connect with Linux Collectors

Description This article describes how to remotely access Linux protected servers using FortiEDR Connect (remote shell).
Scope FortiEDR 5.2 and above. Linux Collector 5.1.8.1047 +
Solution

FortiEDR Connect is a feature that opens a console which grants direct access to a protected device running FortiEDR Collector through a terminal connection.

Refer to FortiEDR Admin Guide for further information.

 

FortiEDR_connect1.png

 

The FortiEDR Connect window supports the following types of commands:
1.The predefined commands: To run such a command, simply type it (for example, %ls) with its parameters and then press <Enter>. When entering a path, make sure to enter the full path. For example: /MyDirectory or /MyDirectory/MyFile

 

List of predefined commands:
Command Parameters Description
%ls Folder of file path Returns information about a specific file or folder
%ip   Returns IP information
%ip_all   Returns extended IP information
%download_file
File path
 Download the file into the default brower's download folder, returns the new files name
%upload_file
Path to upload to, including the file name. File name
Upload the file from the File library to the specified path
 
%sha1_file
File path
Return the SHA1 of a file
%md5_file
File path
Returns the md5 of a file
%list_services
 
Return the running services
%list_commands
File path
Returns the list commands that can be used
%delete_file
  
Deletes the specified file
%get_cwd
  
Returns the current directory
%hostname
  
Shows device name
%ps_aux
  
Runs “ps_aux”
%kill_process
Process PID
Terminates the process its PID is provided
%netstat
  
Runs “netstat -nao”
%start_process
Process path and name
Runs the provided process

 

2.Linux Command line commands: To run such a command, type %bash or %sh and press <Enter>. At the prompt, you can then run any Linux command line commands
3.Python commands.

 

Notes:

  • The FortiEDR Audit trail feature records the connection of a FortiEDR Connect session and every action that was performed in the session.
  • Only users with the Establish FortiEDR Connect sessions checkbox in the user profile selected can lunch remote shell using FortiEDR Connect functionality.
  • Not all compatible Linux distros supports FortiEDR Connect feature yet. It is rolled out gradually. Refer to latest release notes or contact support for full list.
  • Use absolute paths when specifying path parameter.
  • FortiEDR connect shell supports copy and paste.
  • Remote shell logins to Linux server as root user.

  • if the %download_file parameters contain whitespace, please, use '%20' instead of whitespace, i.e.:

    To download file '/tmp/new file' execute command: %download_file /tmp/new%20file
263
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.