Hello, is there an option to determine who executed the script knowing the exact date of execution of the script? Someone executed a script that did a lot of damage, I managed to repair it but I don't know if it was sabotage/attack or just an employee error (Fortimanager software from the 6.2.X/6.4.X series)
FortiManager's Audit Logs feature tracks user activity, including script execution. To check, log in, go to System Settings or Admin section, find Audit Logs, and search for the script execution date and user.
Analyze the logs to verify the user's identity and consider upgrading FortiManager for newer capabilities. Implement security measures to prevent unauthorized access and potential damage. If suspicious, investigate and involve IT security or Fortinet support.
When an admin runs a script there should be an event created in the event log with:
Description: Script install status
Operation: Install script
Also attributes Changes and Message will show more information but are less useful for filtering.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.