Created on 08-05-2024 09:55 PM Edited on 11-01-2024 07:26 AM By Raghu_Kumar
Description | This article describes how to collect information, in case of suspicious activity on FortiGate and send it to the technical support team for review. |
Scope | FortiGate. |
Solution |
If there is a suspicion that FortiGate may be compromised, use the following steps to collect information and open a new ticket with the technical support team. Once the output is attached to the ticket, an engineer will confirm if any indication of compromise is found or not. get system status
diagnose sys filesystem hash
Step 3: Describe why the FortiGate is compromised and attach any supporting logs/files to support the statement. As an example, if unrecognized users/admin login events are visible, attach user event logs or admin login logs from system event logs or local events logs to the ticket. It is also recommended to attach a config file. Fortinet engineers can request further information if needed.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.