FortiInsight monitors endpoint activity in the form of events. It automatically inspects these events and raises alerts on them using policy-based and augmented intelligence (AI) based inspection.
This article describes how FortiInsight is used for threat hunting.

FortiInsight records a forensic timeline of all events submitted by endpoints and provides extensive search capabilities across this recording for threat hunting.

By capturing vast amounts of data, it is possible to build up a detailed picture of user behavior and to investigate activities that do not comply with policies, are anomalous, or are both anomalous and non-compliant.