|
The FortiEDR Connect feature opens a console that provides direct access to a FortiEDR-protected device running a v5.2 Windows Collector through a remote Shell connection.
Refer following manual for FortiEDR Connect configuration: https://docs.fortinet.com/document/fortiedr/5.2.0/administration-guide/112293/fortiedr-connect
The FortiEDR Connect window supports the following types of commands:
1. The predefined commands listed below. To run such command type it (i.e. %dir) with its parameters and then press <Enter>. When entering a path, make sure to enter the full path. For example: C:\MyDirectory or C:\MyDirectory\MyFile.bat.
NOTE: if the %download_file parameters contain whitespace, please, use '%20' instead of whitespace, i.e.:
To download file 'C:\legitimate software\content1.exe' execute command: %download_file C:\legitimate%20software\content1.exe
For other commands use double quotes for the parameters containing whitespaces, i.e.:
To display information about folder 'C:\legitimate software' command: %dir "C:\legitimate software\":
2. Windows Command line commands. To run such a command, type %cmd and press <Enter>. At the prompt, you can then run any Windows command line commands.
3. Python commands.
List of supported commands:
|
Command
|
Parameters
|
Description
|
|
%dir
|
Folder of file path
|
Returns information about a specific file or folder.
|
|
%ipconfig
|
|
Returns IP information.
|
|
%ipconfig_all
|
|
Returns extended IP information.
|
|
%download_file
|
Files path
|
Downloads the file to your browser.
|
|
%upload_file
|
Full path to which to upload the file (including the file name), File in the "File Library"
|
Uploads the file to the specified path.
|
|
%logged_in_users
|
|
Returns a list of the logged in users.
|
|
%sha1_file
|
Files path
|
Return the SHA1 of a file.
|
|
%md5_file
|
Files path
|
Returns the md5 of a file.
|
|
%tasklist
|
|
Returns the server task list.
|
|
%dump_memory <PID>
|
|
Returns memory dump file.
|
|
%cmd
|
|
Opens the command prompt view.
|
|
%list_commands
|
|
Returns the list commands that can be used.
|
|
%get_registry
|
|
Returns the specified information from registry.
|
|
%is_admin
|
|
Returns true if the user is an admin and false otherwise.
|
|
%delete_file
|
File path
|
Deletes the specified file.
|
|
%get_cwd
|
|
Returns the current directory.
|
|
%list_persistent_software
|
|
Returns a list of the persistent software.
|
|
%add_persistent_software
|
|
Adds the specified value to the persistent software.
|
|
%remove_persistent_software
|
|
Removes the chosen persistent software from the list.
|
|
