
Fortinet FortiEDR
Advanced, automated endpoint protection, detection, and response
FortiEDR identifies and stops breaches in real time automatically and efficiently with a lightweight agent. Part of the Fortinet Security Operations platform, it proactively shrinks the attack surface, prevents malware infection, detects and defuses potential threats immediately, and automates response and remediation procedures with customizable playbooks across legacy and current operating systems.
FortiEDR Product Details
Endpoint Detection and Response (EDR) subscription bundles are available for different use cases, depending on the customer needs, other Fortinet Security Fabric products deployed, as well as managed service options.

FortiEDR Advanced Endpoint Protection
FortiEDR safeguards your digital landscape with evasion-resistant, real-time protection, automated incident response, and comprehensive security capabilities tailored to enhance your cybersecurity posture for workstations, servers, and cloud workloads. Reduce the attack surface and leverage out-of-the-box policies that are tightly mapped to the MITRE ATT&CK framework so security teams can respond to a multitude of advanced tactics, techniques, and procedures found in attacks such as ransomware.
The FortiEDR Collector in Action
See how the FortiEDR collector agent is installed on devices across an organization for protection. Installation is fast and does not require a reboot. FortiEDR has a minimal impact on devices, retaining limited metadata and using compression to minimize network traffic, CPU usage, memory, and disk space. See an immediate return on investment by freeing up compute resources consumed by other EDR products. FortiEDR can be deployed rapidly with an optional logging and simulation mode while interoperating with other solutions.
Automating Response to Complex Threats
See how FortiEDR, the foundation of FortiXDR, automates incident response with customizable playbooks. Learn how it categorizes events to initiate actions such as notifications, domain blocks, device isolation, and more. Observe as the system shifts from simulation to protection mode, effectively managing malware threats by deleting files, resetting passwords, and blocking IP addresses. This demonstration is shown on both Windows and Linux devices, showcasing its comprehensive capabilities.
Security Fabric Integration
FortiEDR leverages the Fortinet Security Fabric architecture and integrates with many Security Fabric components including FortiGate, FortiSandbox, and FortiSIEM.
- FortiGate: The FortiEDR connector enables the sharing of endpoint threat intelligence and application information with FortiGate. FortiEDR management can instruct enhanced response actions for FortiGate, such as suspending or blocking an IP address following an infiltration attack.
- FortiNAC: FortiEDR shares endpoint threat intelligence and discovered assets with FortiNAC. With syslog sharing, FortiEDR management can instruct enhanced response actions for FortiNAC, such as isolating a device.
- FortiSandbox: FortiEDR native integration with FortiSandbox automatically submits files to the sandbox in the cloud, supporting real-time event analysis and classification. It also shares threat intelligence with FortiSandbox.
- FortiSIEM: FortiEDR sends events and alerts to FortiSIEM for threat analysis and forensic investigation. FortiSIEM can also utilize JSON and REST APIs to further integrate with FortiEDR.
- FortiGuard Labs: FortiEDR native integration with FortiGuard Labs provides up-to-date intelligence, supporting real-time incident classification to enable accurate incident response playbook activation.

EDR Solution Features and Benefits
DISCOVER AND CONTROL
Discover and control rogue devices and applications based on risk mitigation policies.
DETECT AND DEFUSE IN REAL TIME
Automatically detect and defuse potential threats in real time—even on compromised devices.
AUTOMATIC INCIDENT RESPONSE
Use customizable contextual incident response playbooks that automate incident response.
DRIVE IDENTITY-BASED RESPONSE
Integrate identity tools to enhance threat detection, response, and investigation capabilities.
GAIN EFFICIENT SECURITY OPERATIONS
Eliminate alert fatigue and optimize operations with customizable incident response processes.
ENABLE FULL FEATURE PARITY
Support legacy systems like XP or Server 2003 and get full feature parity.
Bundles:
The following table summarizes the most common and recommended options:
Feature | Discover and Protect | Discover, Protect, and Respond | Discover, Protect, and Respond with XDR |
---|---|---|---|
Discover - IT Hygiene | | | |
Asset Discovery | | | |
Asset Assessment | | | |
Attack Surface Reduction | | | |
Application Control | | | |
USB Control | | | |
Protect - Endpoint Protection | | | |
NGAV (pre-execution) | | | |
Post-execution Protection | | | |
Sandbox Analysis | | | |
Cloud Threat Intelligence | | | |
Attack Chain Visualization | | | |
Advanced Incident Forensics | | | |
MITRE Tagging | | | |
Endpoint Detection and Response | | | |
AI-powered Investigation | | | |
Security Fabric Integration | | | |
Third-Party Integration | | | |
Automated Remediation and IR Framework | | | |
Secured Remote Shell | | | |
Continuous Recording and Analysis | | | |
Threat Hunting Enablement | | | |
AI-based Behavior Tagging | | | |
IOC Ingestion and Search | | | |
XDR - eXtended Detection and Response | | | |
eXtended Detection Across Security Fabric | | | |
eXtended Detection Across AWS GuardDuty | | | |
eXtended Detection Across Google SCC | | | |
MDR - Managed Service Options | | | |
High Fidelity Alert Triage | Managed EDR | Managed EDR | Managed XDR |
Extended Alert Triage | | Managed EDR | Managed XDR |
Containment and Remediation Guidance | | Managed EDR | Managed XDR |
Alerting and Reporting | | Managed EDR | Managed XDR |
Correlated Security Fabric Alert Triage | | | Managed XDR |
Additional Services | | | |
24x7 Support | Included | Included | Included |
Cloud Deployment | Supported | Supported | Supported |
On-premise Internet access enabled | Supported | | |
SOCaaS | Included | | |
Sample Bundles
Bundle | EPP/EDR-BASIC | EDR-COMPLETE | XDR |
---|---|---|---|
25-pack | FC1-10-FEDR1-350-01-DD | FC1-10-FEDR1-348-01-DD | FC1-10-FEDR1-394-01-DD |
500-pack | FC2-10-FEDR1-350-01-DD | FC2-10-FEDR1-348-01-DD | FC2-10-FEDR1-394-01-DD |
2,000-pack | FC3-10-FEDR1-350-01-DD | FC3-10-FEDR1-348-01-DD | FC3-10-FEDR1-394-01-DD |
10,000-pack | FC4-10-FEDR1-350-01-DD | FC4-10-FEDR1-348-01-DD | FC4-10-FEDR1-394-01-DD |
Sample Bundles – Managed
Bundle | Managed EPP/EDR-BASIC | Managed EDR-COMPLETE | Managed XDR |
---|---|---|---|
25-pack | FC1-10-FEDR1-391-01-DD | FC1-10-FEDR1-349-01-DD | FC1-10-FEDR1-597-01-DD |
500-pack | FC2-10-FEDR1-391-01-DD | FC2-10-FEDR1-349-01-DD | FC2-10-FEDR1-597-01-DD |
2,000-pack | FC3-10-FEDR1-391-01-DD | FC3-10-FEDR1-349-01-DD | FC3-10-FEDR1-597-01-DD |
10,000-pack | FC4-10-FEDR1-391-01-DD | FC4-10-FEDR1-349-01-DD | FC4-10-FEDR1-597-01-DD |
Services:
FortiEDR Deployment Best Practices Services (BPS)
This deployment service delivers expert assistance to ensure a successful deployment. These services include architecture and planning, configuration, installation, playbook set up, environment tuning, and training.
FortiGuard Managed Detection (MDR) and Response Service
The FortiGuard Managed Detection and Response (MDR) Service provides customers with 24x7 continuous threat monitoring, alert triage, and incident handling by experienced analysts and the platform. Customers gain peace of mind knowing that highly trained experts review and analyze every alert, take actions to keep customers secure, and provide detailed recommendations on remediation and next steps for incident responders and IT administrators. The FortiResponder MDR Service helps scale existing operations and further enhances SOC maturity.
Additional Services | SKU License | Services |
---|---|---|
Cloud Storage Disk Expansion (512 GB storage) | FC-10-FEDR1-1112-01-DD | Disk Expansion (512 GB storage) |
FortiCare Best Practices Onboarding Service (mandatory for onboarding customers) | FC0-10-EDBPS-310-02-DD | Up to 500 endpoints |
| | FC1-10-EDBPS-310-02-DD | 501 to 1,000 endpoints |
| | FC2-10-EDBPS-310-02-DD | 1,001 to 3,000 endpoints |
| | FC3-10-EDBPS-310-02-DD | 3,001 to 10,000 endpoints |
| | FC5-10-EDBPS-310-02-DD | 10,001 to 30,000 endpoints |
| | FP-10-EDR-PS (per day) | 30,001 or more endpoints |
Professional Services | FP-10-FTEDR-000-00-00 | FortiEDR Professional Service |
| | FP-10-EDR-PS | FortiEDR Day |
| | FP-10-PS-TRAINING | Incident Response Training |
| | FP-10-EDR-FRNSCS | Forensics and IR Consultancy |
Training Services | FT-EDR | Classroom - Virtual ILT |
| | FT-EDR-LAB | Lab Access - Standard NSE Training Lab Environment |
| | NSE-EX-SPL5 | NSE5 Exam Voucher |
Software Specifications:
- Management, architecture, and platform support - A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are available to support any console action and beyond.
- Offline protection - Protection and detection happen on the endpoint, protecting disconnected endpoints.
- Native cloud infrastructure - FortiEDR features multi-tenant management in the cloud. The solution can be deployed as a cloud-native, hybrid, or on-premises. It also supports air-gapped environments.
- Lightweight endpoint agent - FortiEDR uses less than 1% CPU, up to 120 MB of RAM, and 20 MB of disk space, and generates minimal network traffic.
FortiEDR supports Windows, macOS, and Linux operating systems as well as Google Cloud deployments, and offers offline protection.
- Windows Versions: XP SP2/SP3, 7, 8, 8.1, 10, and 11 (32-bit and 64-bit versions)
- Windows Server Versions: 2003 SP2, R2 SP2, 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, and 2025
- Google Cloud Versions: Compute Engine Deployments and Procurement
- macOS Versions: El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15), Big Sur (11.x), Monterey (12.x), Ventura (13.x), Sonoma (14.x), and Sequoia (15.x)
- Linux Versions: Red Hat Enterprise Linux and CentOS 6.x, 7.x, and 8.x; Ubuntu LTS 16.04.x, 18.04.x, and 20.04.x server; Oracle Linux 6.x+, 7.7+, and 8.2+ (64-bit only); Amazon Linux AMI 2; SUSE SLES 15.1
- VDI Environments Versions: VMware Horizon 6 and 7, Citrix XenDesktop 7
- Mobile Versions: Android 9.0 and above, iOS 15.0 and above
Use Cases:
With contextual incident response playbooks, security teams can customize and automate incident investigation and response per classification and target host, optimizing security operations. Security teams can deploy some or all of the key use cases for Fortinet's EDR solution, FortiEDR.

Real-Time Breach Protection
During a security incident, FortiEDR can prevent data exfiltration and protect against ransomware. It will also roll back malicious changes.
Attack Surface Reduction
FortiEDR can discover and control rogue devices, IoT devices, and applications, plus their respective vulnerabilities in real time.
Optimize Incident Response
Pre-canned, playbook-based incident response enables customized processes based on asset value, endpoint groups, and incident classification.
OT Protection
FortiEDR ensures high availability for OT systems even during a security incident or breach.

POS System Security
FortiEDR prevents data exfiltration in the event of system compromise. It delivers virtual patching to shield POS systems from vulnerabilities.
Fabric Connectivity
FortiEDR integrates with the Fortinet Security Fabric for shared intelligence and incident response from identity, firewalls, email, and more.