FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
ymasaki
Staff
Article Id 338594
Description This article describes the retention periods of the different log types that FortiEDR stores, i.e. how long each type of log remains available in the system.
Scope FortiEDR.
Solution

FortiEDR categorizes logs into four distinct types, each with its own retention period:

| Log type | Description | Location | Retention period |
| --- | --- | --- | --- |
| Security Events | Incidents and alerts related to potential security threats and anomalies detected by the FortiEDR Collector. | Event Viewer | At least 1 year |
| System Events | System-related activities in the FortiEDR system. | ADMINISTRATION -> SYSTEM EVENTS | 9-10 months (200 days) |
| Audit Trail | User-related actions in the FortiEDR system. | TOOLS -> AUDIT TRAIL | 9-10 months (200 days) |
| Threat Hunting | Endpoint activities, including Process, File, Network, Registry and Log actions. | THREAT HUNTING (v6.2); FORENSICS -> Threat Hunting (v6.0 or below) | Approx. 30 days with the default Inventory Profile |


Visit the article "How to Maximize data retention for Threat Hunting Repository" for more information about Threat Hunting log retention, which depends on the configured Inventory Profile.


If these retention periods do not meet the organization's compliance requirements, FortiEDR provides the option to forward logs to an external Syslog server. This setup allows the logs to be stored and backed up for as long as the organization requires, independently of the built-in retention periods.

For the syslog setup on the FortiEDR side, see the Syslog section of the FortiEDR Administration Guide.
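The following rsyslog configuration is an added example of the receiving side of such a setup; it is not part of the original article or of Fortinet's documentation. It shows a Linux syslog server that accepts the logs forwarded by FortiEDR over UDP and TCP port 514 and writes them to one file per day, so that retention is governed by the server's own disk and rotation policy rather than by the FortiEDR periods listed above. The FortiEDR management address (192.0.2.10), the port and the archive directory are placeholders to be replaced with the organization's own values.

```rsyslog
# Added example (not from the FortiEDR article): receive forwarded FortiEDR
# logs on a Linux rsyslog server and archive them per day for long-term retention.
# 192.0.2.10 is a placeholder for the FortiEDR management server address.

# Listen for forwarded syslog on UDP and TCP 514. Prefer TCP (or TLS) where the
# FortiEDR side supports it, so that events are not silently dropped in transit.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# One file per calendar day keeps the archive simple to rotate, search and back up.
template(name="FortiEDRDaily" type="string"
         string="/var/log/fortiedr/%$year%-%$month%-%$day%.log")

# Only messages from the FortiEDR server are written to the archive; 'stop'
# keeps them out of the generic /var/log/messages, whose default rotation
# would otherwise discard them long before the required retention period.
if ($fromhost-ip == "192.0.2.10") then {
    action(type="omfile" dynaFile="FortiEDRDaily"
           dirCreateMode="0750" fileCreateMode="0640")
    stop
}
```

Retention is then enforced on the syslog server itself, for example with a logrotate rule on `/var/log/fortiedr/*.log` using `maxage` set to the compliance period, or a scheduled `find /var/log/fortiedr -name '*.log' -mtime +400 -delete` (400 days is a placeholder). After enabling forwarding, compare a day's worth of entries in the FortiEDR Event Viewer and Audit Trail against the archived file to confirm that nothing is being lost between the two systems.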