FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
Article Id 229020
Description This article describes how to troubleshoot when no Threat Hunting data comes from a specific collector.
Scope FortiEDR and Threat Hunting.

Threat Hunting feature searches for many types of Indicators of Compromise (IOCs) and malware across the entire environment. Collectors send Threat Hunting data via the Core server.

In some cases, Threat hunting data is not available for specific collectors.


Troubleshooting steps:


1) Check if the collector has a connection to the Core server on TCP port 555.


2) Third-party AV software can block collectors from writing Threat hunting data to files.

If another AV software is installed, disable/uninstall the software or apply the exception in the link below.

Technical Tip: Paths to exclude AV exceptions in 3rd Party AV 


3) Check if the local free disk space on the collector is available more than 5% of the total disk size.

If the free disk space is less than 5%, increase the free space.


4) If the issue still persists, obtain collector logs as described in the link below and raise a TAC ticket.

Technical Tip: How to collect FortiEDR Collector log