Hello, is there an option to determine who executed the script knowing the exact date of execution of the script? Someone executed a script that did a lot of damage, I managed to repair it but I don't know if it was sabotage/attack or just an employee error (Fortimanager software from the 6.2.X/6.4.X series)
FortiManager's Audit Logs feature tracks user activity, including script execution. To check, log in, go to System Settings or Admin section, find Audit Logs, and search for the script execution date and user.
Analyze the logs to verify the user's identity and consider upgrading FortiManager for newer capabilities. Implement security measures to prevent unauthorized access and potential damage. If suspicious, investigate and involve IT security or Fortinet support.
When an admin runs a script there should be an event created in the event log with: Description: Script install status Operation: Install script Also attributes Changes and Message will show more information but are less useful for filtering.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.