jmcritchie
Staff
July 22, 2019

Technical Note: What is an Event

Description

Events are things that occur on your network. FortiInsight captures event information from endpoints; these could be:


  • Network events such as file upload or download activities, or

  • System events such as those which occur in the Windows directory, or

  • User events such as user log in or a file read in Excel.


Each FortiInsight event from an endpoint contains the following elements:



User - The user account carrying out the activity

Machine - The machine (endpoint) the activity took place on

Activity - The activity type (e.g. user log in/off, machine on/off, file created/read/written/moved/deleted/renamed, database record updated, etc.)

Application/Process - The application used to carry out the activity, e.g. Explorer.exe, Winword.exe, etc.

Resource - This is typically a path, filename, and file type involved in the activity, except for SQL Server agent events, which specify the database and database element acted on.


For network events only: Network destination and origin, including the port number used for the transfer.