FortiInsight
FortiInsight monitors endpoint activity in the form of events. It provides automated inspection of these events, and alerts against them, using policies and augmented intelligence (AI) based inspection.
jmcritchie
Staff
Article Id 192242
Description

By default the data retention periods are: 

  • 7 days for live user events – these are all events minus system events (see below)

  • 1 month for compacted user events – after the “live” threshold, user events are compacted to optimise the back-end storage. Compacted data is searchable, and search results can be uncompacted back to Live to gain full access to the corresponding event information.

 Note that any alerts, generated when an event matches a configured policy, are kept indefinitely.

