Fortinet FortiNDR (Formerly FortiAI)
In ADMIN > Device Support > Event Types, search for "fortiai" to see the event types associated with this device.
In RESOURCES > Rules, search for "fortiai" in the main content panel Search... field to see the rules associated with this device:
FortiAI: Attack Chain Blocked
FortiAI: Attack Chain Permitted
In RESOURCES > Reports, search for "fortiai" in the main content panel Search... field to see the reports associated with this device.
FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514.
FortiAI Syslog Configuration
See the current FortiAI Administration Guide for the latest configuration information under Log & Report. The instructions provided here are based on the 1.5.0 FortiAI Administration Guide.
From the FortiAI GUI, navigate to Log and Report > Log Settings > Remote Log Server.
Set Send logs to FortiSIEM to Enable.
Set Type to Syslog.
In the Log Server Address field, enter the IP address or FQDN of the FortiSIEM Collector.
In the Port field, enter "514".