8.0.0

1. Purpose and Scope

1.1 Document Purpose

This AI Transparency Notes document provides a disclosure of the FortiAI feature embedded within FortiAnalyzer. It describes how the AI assistant works, what data it processes, how it is designed, and what safeguards are in place — enabling administrators, compliance teams, and auditors to make informed decisions about its deployment and use. All content in this document is based directly on the FortiAI FortiAnalyzer product specification.

1.2 What is FortiAI on FortiAnalyzer?

FortiAnalyzer (FAZ) delivers centralized visibility and analytics across the security infrastructure, providing a solution to handle logs, events, traffic patterns, threat activity, and compliance posture. It aggregates and correlates data from FortiGate devices and the broader Fortinet ecosystem to deliver actionable insights, automated reporting, forensic analysis, and long-term log retention. This enables consistent monitoring, threat detection, and compliance reporting.

While FortiAnalyzer is a robust analytics and reporting platform, navigating large volumes of log data and constructing advanced queries or reports can introduce operational complexity. FortiAI on FortiAnalyzer is an intelligent assistant designed to reduce that complexity by streamlining log analysis, accelerating investigations, simplifying report generation, and enabling natural-language-driven insights. FortiAI maintains strict data handling controls and security-first design principles.

FortiAI provides a chat window within the FortiAnalyzer UI through which administrators can ask questions and request tasks in natural language. Answers and results are returned in the same chat window. Specific features can also be triggered directly from the UI via dedicated buttons, for example, creation of a new Event Handler with LLM-assistant configuration.

1.3 Features

| Agent / Feature | Description |
| --- | --- |
| Log Statistics and Filtering | Uses natural language queries to generate log-based statistics such as top sources, destinations, applications, users, and threat categories. Automatically applies and refines filters (time range, device, severity, subtype, etc.) to narrow datasets and produce summarized insights without requiring manual query construction. |
| Event Summary and Filtering | Aggregates and summarizes security events across devices and ADOMs, highlighting severity, frequency, trends, and impacted assets. Supports natural language-driven filtering to isolate specific event types, timeframes, threat levels, or affected systems for rapid investigation. |
| Log Table Visualization | Dynamically generates graphs from log tables based on user prompts. Selects relevant contextual filters, sorts and groups data, and presents results in a format to accelerate triage and analysis workflows. |
| Incident Creation, Update, Report | Assists with creating new incidents from investigations, auto-populating relevant contextual details. Supports updating incidents by adding notes and comments, and refining incident details into downloadable PDF reports. |
| Event Handler Support | Provides visibility into configured event handlers, explains trigger logic and conditions, and assists in identifying which handlers correspond to specific alerts. Can guide users in modifying or validating handler configurations through contextual explanations. |
| FAZ Status Checks | Uses FAZ CLI operations to report current performance metrics, including storage, log rates, ADOM partitions, etc. Can give further recommendations for improvement when used together with the General Knowledge Agent. |
| General Knowledge Agent | Answers product questions, compares features and specifications, navigates to specific UI pages within FortiAnalyzer, and locates relevant Fortinet documentation. Serves as a guided entry point for FortiAnalyzer and Fortinet product knowledge. |

1.4 Target Audience

| Audience | Relevance |
| --- | --- |
| Network Security Administrators | Primary users; interact with FortiAI daily for device management, policy work, and diagnostics |
| Security Operations Teams | Consumers of AI-generated diagnostics, reports, and remediation guidance |
| IT Compliance and Audit Teams | Review of AI governance, data handling, and acceptable use boundaries |
| CISOs / IT Leadership | Strategic oversight of AI deployment and associated risk posture |
| Data Protection Officers | Privacy impact review; data flows, masking practices, and retention policies |
