Description | This article describes how to troubleshoot when no Threat Hunting data comes from a specific collector. |
Scope | FortiEDR and Threat Hunting. |
Solution |
The Threat Hunting feature searches for many types of Indicators of Compromise (IOCs) and malware across the entire environment. Collectors send Threat Hunting data via the Core server. In some cases, Threat Hunting data is not available for specific collectors.
Troubleshooting steps:
1) Check if the collector has a connection to the Core server on TCP port 555.
2) Third-party AV software can block collectors from writing Threat Hunting data to files. If another AV product is installed, disable or uninstall it, or apply the exceptions described in the link below. Technical Tip: Paths to exclude AV exceptions in 3rd Party AV
3) Check that the free disk space on the collector is more than 5% of the total disk size. If the free disk space is less than 5%, increase the free space.
4) If the issue persists, obtain collector logs as described in the link below and raise a TAC ticket. |
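Steps 1 and 3 can be checked from the collector host with a short script before a ticket is raised. The following is an added example, not Fortinet tooling: the Core address and the volume to inspect are supplied by the operator (the article does not name a specific volume, so the root of the current drive is assumed by default), and exactly 5% free is treated as a failure because the article requires more than 5%.

```python
import os
import shutil
import socket
import sys

CORE_PORT = 555          # Core server port named in step 1
MIN_FREE_PERCENT = 5.0   # free-space threshold named in step 3


def core_reachable(host, port=CORE_PORT, timeout=5.0):
    """Attempt a full TCP handshake to the Core; return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, f"TCP {host}:{port} connected"
    except OSError as exc:  # refused, timed out, unreachable, DNS failure
        return False, f"TCP {host}:{port} failed: {exc}"


def free_percent(free_bytes, total_bytes):
    """Free space as a percentage of total disk size."""
    if total_bytes <= 0:
        raise ValueError("total_bytes must be positive")
    return 100.0 * free_bytes / total_bytes


def disk_ok(path):
    """Pass only when free space is more than 5% of the volume holding path."""
    usage = shutil.disk_usage(path)
    pct = free_percent(usage.free, usage.total)
    return pct > MIN_FREE_PERCENT, f"{path}: {pct:.1f}% free"


def run_checks(core_host, path):
    """Run steps 1 and 3; return a list of (step, ok, detail) tuples."""
    results = [("core-connectivity", *core_reachable(core_host))]
    results.append(("free-disk-space", *disk_ok(path)))
    return results


if __name__ == "__main__":
    # Usage: python collector_checks.py <core-host> [path-on-volume-to-check]
    if len(sys.argv) < 2:
        sys.exit("usage: collector_checks.py <core-host> [path]")
    # Assumption: default to the root of the current drive when no path is given.
    volume = sys.argv[2] if len(sys.argv) > 2 else os.path.abspath(os.sep)
    failed = False
    for step, ok, detail in run_checks(sys.argv[1], volume):
        print(f"[{'PASS' if ok else 'FAIL'}] {step}: {detail}")
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

A failed connectivity check only shows that the TCP handshake did not complete from this host; the detail string distinguishes a refused connection from a timeout or a name-resolution failure, which helps narrow down whether a firewall, routing, or DNS is involved.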