jmcritchie
Staff
July 22, 2019

Technical Note: How does FortiInsight collect data

Description

FortiInsight agents are installed on “endpoints”.  These agents collect endpoint activity data, and push this data to the FortiInsight Collector Server at the back-end, where it is stored and analysed by the FortiInsight system.


The activity data sent by the agent takes the form of 'events'. These are operating-system-level activities, such as machine on/off, user logon/logoff, process start/stop, and file read/write/delete/rename/move, and they are collected and sent in real time as they happen on the endpoint. Any endpoint that is off network (i.e. cannot connect to the FortiInsight back-end) caches activity data locally and uploads it to the collector server as soon as connectivity is re-established.