How far back can you view history for IOC?

The ability to view historical data for Indicators of Compromise (IOC) in FortiAnalyzer allows security professionals to analyze past threats and vulnerabilities effectively. In FortiAnalyzer, the system typically retains IOC data for a duration of seven days. This timeframe provides a practical balance, enabling administrators to conduct timely and relevant investigations into suspicious activities while ensuring that storage resources are adequately managed.

This limited period helps maintain the performance of the logging and reporting system while providing sufficient historical context to correlate with ongoing security events. Organizations often require immediate access to recent data to respond quickly to potential threats, making a seven-day retrospective an effective choice for many environments.