FortiAI example tasks
The following are examples using the FortiAI assistant in FortiAnalyzer.
You can prompt FortiAI for suggestions and with questions when needed. For example, you can prompt FortiAI to list what tasks it can help with: |
Example 1: Performing log analysis and filtering
FortiAI can guide you through analyzing logs and applying filters to refine your search. You can filter using specific criteria such as IP addresses, event actions, threat types, and more. You can also apply filters based on time ranges.
-
Prompt FortiAI to list the destination IP addresses for top threats in the past 7 days.
The FortiAI assistant responds with a list of the addresses, as well as a brief analysis and mitigation recommendations.
Example 2: Performing security reputation checks
FortiAI can investigate external IP addresses for their security reputation using FortiGuard and VirusTotal.
-
Prompt FortiAI to perform a security reputation check for an IP address.
-
If it is not provided in the initial response, you can then prompt FortiAI to provide mitigation recommendations.
Example 3: Rendering charts
FortiAI can render charts to create visual representations of the log data. This can be done using pie charts or bar charts.
You can aggregate and group data in these charts based on various fields in FortiAnalyzer. For example:
-
Prompt FortiAI to generate a pie chart based on source IPs that were connected to the malicious IP identified above.
Example 4: Creating an event handler
-
Prompt FortiAI to create an event handler connecting to the malicious IP identified above.
Prompt FortiAI to continue with the task, as needed.
When the FortiAI assistant creates the event handler, it provides the event handler name and a summary of the rule configuration.
-
After it is created, you can review and edit the event handler.
Example 5: Identifying incidents and compromised hosts
FortiAI can create, update, and track incidents, including generating reports and adding notes to existing incidents. FortiAI can also identify the compromised hosts.
-
Prompt FortiAI to provide a list of incidents created in the past 24 hours.
-
Prompt FortiAI to provide more details about a specific incident in the list.
-
Prompt FortiAI to list the affected endpoints for the incident.
Example 6: Gathering system process information
FortiAI can get a list of running processes on the server for investigation purposes. As in the example below, you can prompt FortiAI to help with the analysis.
-
Prompt FortiAI for the running processes on a specific endpoint.
-
Prompt FortiAI to review the list for a suspicious process.
-
If the analysis is not included in the previous response, prompt FortiAI for a analysis of the suspicious process(es).
Example 6: Quarantining an endpoint
FortiAI can help prevent and mitigate threats by quarantining endpoints using IP addresses.
-
Prompt FortiAI to quarantine an endpoint using the IP address.
Example 7: Generating an incident report
-
Prompt FortiAI to produce an incident report for a specific incident number.
-
To save the incident report, click the download icon in the response.