Threat hunting

Threat hunting is your view of all the events that FortiInsight captures. This is where you get access to the record of events that are streaming in from endpoints. Search events using the search bar, refine the time span of events with the date picker, and use summary tables to find more detailed information about events.

Build complex searches to find the events that you are interested in, and add search results to collections.

To see events, navigate to the Threat Hunting pages. Events are categorized as Live and Compacted; you can also search for events in the usual way.

The following image shows an example event on the Live events page.

The following image shows an example event on the Compacted events page.

By default, the Threat Hunting pages show all events, which is likely to be a large number. Refine data by searching events in the Threat Hunting pages. Sort and order columns, and choose columns that you want to include and exclude. Use filters to pick a time and date range for the data that you want to see.
