| Description | This article describes how to troubleshoot an automation log that is not generated when FortiNDR detects malware. |
| Scope | FortiNDR. |
| Solution |
Automation Framework and Enforcement Settings have been configured in FortiNDR so that automation quarantines the IP in FortiGate when malware is detected.
The automation log is not generated because FortiNDR did not generate an enforcement action. To troubleshoot this issue, check the log for the detected malware and note the risk level of that malware.
Then, check the Enforcement Settings for the Enforcement Profile that was created, and look at the 'Malware Risk Level' setting. If it is set to 'High', malware with a risk level of 'High' or higher will match this Enforcement Profile. A risk level lower than 'High', such as 'Medium' or 'Low', will not match this Enforcement Profile.
Also, check the Automation Framework to make sure the correct Enforcement Profile was applied.
|
Copyright 2025 Fortinet, Inc. All Rights Reserved.