If the FortiEDR does not connect to the Aggregator for 30+ days, its state changes to 'Disconnected (Expired)':

It is possible to remove collectors by selecting them manually; however in case of a high number of 'Disconnected (Expired)', it is more convenient to use the REST-API to remove all collectors, which did not connect to the environment for some period of time.

REST-API reference can be accessed through the FortiEDR manager: https://<manager_URL>/rest-ui

It can be done with the 'delete collectors' API call: /management-rest/inventory/delete-collectors. Use the 'lastSeenEnd' parameter to define the date of the last collector's connection to delete.

Example:

In the sample case (see the screenshot above), the last connection date of the 'old-laptop' collector is 26.06.2025.

To remove the 'old-laptop' collector, the following 'lastSeenEnd' value should be set: '2025-06-27 00:00:00':

The list of deleted with the API call collectors can be found in the audit trail: (Audit Trail | FortiEDR/XDR 7.2.0