FortiInsight
FortiInsight monitors endpoint activity in the form of events. It provides automated inspection of these events, and alerts on them, using policy-based and augmented intelligence (AI) based inspection.
jmcritchie
Staff
Article Id 190023
Description

Events are things which occur on your network. FortiInsight captures event information from endpoints; these could be:


  • Network events such as file upload or download activities, or

  • System events such as those which occur in the Windows directory, or

  • User events such as user log in or a file read in Excel.


Each FortiInsight event from an endpoint contains the following elements:



  • User - The user account carrying out the activity

  • Machine - The machine (endpoint) the activity took place on

  • Activity - The activity type (e.g. user log in/off, machine on/off, file created/read/written/moved/deleted/renamed, database record updated, etc.)

  • Application/Process - The application used to carry out the activity, e.g. Explorer.exe, Winword.exe, etc.

  • Resource - This is typically a path, filename, and file type involved in the activity, except for SQL Server agent events, which specify the database and database element acted on.


For network events only: network destination and origin, including the port number used for the transfer.
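
The element list above can be modelled and checked before events reach policy-based inspection. The following is an added example, not FortiInsight code or its event format: the `Event` class, the activity names, the policy dictionary and all sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass(frozen=True)
class Event:                      # hypothetical model, not FortiInsight's format
    user: str
    machine: str
    activity: str                 # assumed names: "file_read", "file_upload", ...
    process: str                  # application/process, e.g. "Winword.exe"
    resource: str                 # path and filename, or database element
    net_origin: Optional[str] = None        # network events only
    net_destination: Optional[str] = None   # network events only
    net_port: Optional[int] = None          # network events only

NETWORK_ACTIVITIES = {"file_upload", "file_download"}   # assumed activity names

def validate(ev):
    """Return a list of problems; an empty list means the event is well formed."""
    problems = [f"empty {f}" for f in
                ("user", "machine", "activity", "process", "resource")
                if not getattr(ev, f)]
    net = (ev.net_origin, ev.net_destination, ev.net_port)
    if ev.activity in NETWORK_ACTIVITIES:
        if any(v is None for v in net):
            problems.append("network event missing origin, destination or port")
    elif any(v is not None for v in net):
        problems.append("non-network event carries network fields")
    return problems

def matches(policy, ev):
    """Policy maps field name -> glob; all listed fields must match, ignoring case."""
    return all(fnmatchcase(str(getattr(ev, f) or "").lower(), pat.lower())
               for f, pat in policy.items())

def inspect_events(events, policy):
    """Return (users whose events match the policy, malformed events)."""
    hits, rejected = [], []
    for ev in events:
        if validate(ev):
            rejected.append(ev)   # surface malformed events, never drop silently
        elif matches(policy, ev):
            hits.append(ev.user)
    return hits, rejected

# Constructed policy and events for illustration.
POLICY = {"activity": "file_upload", "resource": r"*\finance\*"}
EVENTS = [
    Event("alice", "WS-01", "file_read", "Excel.exe", r"C:\Finance\q3.xlsx"),
    Event("bob", "WS-02", "file_upload", "chrome.exe", r"C:\Finance\q3.xlsx",
          "10.0.0.5", "203.0.113.9", 443),
    Event("carol", "WS-03", "file_upload", "chrome.exe", r"C:\Finance\q3.xlsx"),
]
```

The third sample event is an upload with no network fields, so it is returned in the rejected list instead of being matched or silently discarded.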