External Systems Configuration Guide

Fortinet FortiNDR (Formerly FortiAI)

Event Types

In ADMIN > Device Support > Event Types, search for "fortiai" to see the event types associated with this device.

Rules

In RESOURCES > Rules, search for "fortiai" in the main content panel Search... field to see related rules associated with this device.

  • FortiAI: Attack Chain Blocked

  • FortiAI: Attack Chain Permitted

Reports

In RESOURCES > Reports, search for "fortiai" in the main content panel Search... field to see the reports associated with this device.

Configuration

FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514.

FortiAI Syslog Configuration

See Log & Report in the current FortiAI Administration Guide for the latest configuration information. The instructions provided here are based on the 1.5.0 FortiAI Administration Guide.

  1. From the FortiAI GUI, navigate to Log and Report > Log Settings > Remote Log Server.

  2. Set Send logs to FortiSIEM to Enable.

  3. Set Type to Syslog.

  4. In the Log Server Address field, enter the IP address or FQDN of the FortiSIEM Collector.

  5. In the Port field, enter "514".

  6. Click OK.
