FortiEDR
ymasaki
Staff
Article Id 305667
Description This article explains testing tools on Linux collector machines.
Scope FortiEDR.
Solution

connect 1 (Ubuntu) and connect 2 (CentOS) are connectivity test tools that generate a security event on Linux collector machines. If the event appears in the FortiEDR Manager, connectivity between the Collector, Aggregator, and Manager is working.

To run connect 1 or connect 2, follow these steps:

  1. Request connect 1 and connect 2 from Support.
  2. Verify in the Console that there is an Exfiltration Prevention Policy with the Unconfirmed Executable - Executable File Failed Verification Test rule enabled and applied to the correct group.
  3. Run 'chmod +x connect\ 2' and execute the file with './connect\ 2'.

In this scenario, the tool runs on CentOS. The same steps apply on Ubuntu to run connect 1.

[Image: connect_cli.png]

  4. The event will show up in the Console.

[Image: connect_gui.png]
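
A wrapper for step 3 that picks the tool by distribution and quotes the space in the file name. This is an added example, not Fortinet code; the function names and the assumption that both files sit in one directory under the names "connect 1" and "connect 2" are hypothetical.

```shell
#!/bin/sh
# Added example, not Fortinet code. Assumes the tools from Support are saved
# as "connect 1" and "connect 2" (names contain a space) in one directory.

# Print the tool name that matches the distribution ID in an os-release file.
# Returns 2 if the file is unreadable, 1 if the distribution is not covered.
pick_tool() {
    os_release=${1:-/etc/os-release}
    [ -r "$os_release" ] || return 2
    # "." searches PATH for names without a slash, so force a relative path.
    case "$os_release" in */*) ;; *) os_release="./$os_release" ;; esac
    # os-release uses shell syntax; read ID in a subshell to avoid side effects.
    id=$( unset ID; . "$os_release" 2>/dev/null; printf '%s' "${ID:-}" )
    case "$id" in
        ubuntu) printf '%s\n' 'connect 1' ;;
        centos) printf '%s\n' 'connect 2' ;;
        *)      return 1 ;;  # the article covers only Ubuntu and CentOS
    esac
}

# Make the matching tool executable and run it from the given directory.
run_connect_test() {
    dir=${1:-.}
    tool=$(pick_tool "${2:-/etc/os-release}") || {
        echo "unsupported or unreadable distribution" >&2
        return 1
    }
    path="$dir/$tool"
    [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }
    chmod +x "$path" || return 1
    # Quoting keeps the space in the name intact (same as 'connect\ 2').
    "$path"
    rc=$?
    echo "ran '$tool' (exit $rc); check the Console for the event" >&2
    return "$rc"
}

# Only act when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_connect_test "${2:-.}"
fi
```

Invoke it as `sh script.sh --run /path/to/tools`; the policy check in step 2 still has to be done in the Console beforehand.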
