By default the data retention periods are:
7 days for live user events – these are all events minus system events (see below)
1 month for compacted user events – after the “live” threshold user events are compacted to optimise the back-end storage. Compacted data is searchable and search results can be uncompacted back to Live to gain full access to corresponding event information.
Note that any alerts, generated when an event matches a configured policy, are kept indefinitely.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.