
FortiAI Insight


Going to Cases & Alerts > FortiAI Insight triggers FortiAI to fetch cases and alerts and perform deep correlation analysis. This highlights the threats for SOC analysts and guides next steps.

Once FortiAI completes the analysis, the FortiAI Insight pane displays the following widgets, each described below:

Current Threat Summary

Lists the number of prioritized cases, high-risk assets, recurring cases, and noise reduction alerts. See below for further descriptions.

Prioritized Cases

Lists prioritized cases ranked by risk factors, including:

  • Severity: Critical/High severity cases

  • SLA State: Missed SLA deadlines

  • Phase: Active investigation phase

  • Threat IOCs: Correlated malicious and suspicious indicators

  • Alert Volume: Multiple correlated alerts

Click a case to display the Case details.

High-Risk Assets

Lists high-risk assets flagged for risk factors, including:

  • Vulnerabilities: Critical/High vulnerability counts

  • Active Cases: Asset involved in open cases

  • Threat IOCs: Associated with malicious and suspicious indicators

  • Compromised Identities: User account shows high-risk behavior

Click an asset to display the Asset details.

Click AI Analysis to view the analysis from FortiAI. This includes the Risk and Score for the asset as well as the supporting evidence (Risk Score, number of critical and high vulnerabilities, number of active cases, number of indicators, etc.).

Recurring Cases

Detects patterns across cases:

  • IOC Reuse: Same malicious/suspicious indicators (IPs, domains, hashes) appear in multiple cases

  • Asset Compromise: Same asset/hostname targeted across multiple cases

  • User Targeting: Same user/email targeted across multiple cases

Click a record in the list to view the details. From these details, you can click the related cases to open their Case details.

Click AI Analysis to view the analysis from FortiAI. This includes the breakdown of the IOC Reuse, Asset Compromise, or User Targeting identified by FortiAI.

Patterns require two or more cases to be flagged.
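A minimal model of the recurring-case check described above, added here as an illustration and not FortiAI's own implementation. The Case structure, field names and sample cases are constructed; it shows why normalization matters (the same domain in different letter case counts as one indicator) and that a value seen in only one case is never flagged.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Case:
    """Constructed stand-in for a case record (field names are assumptions)."""
    case_id: str
    iocs: set = field(default_factory=set)    # malicious/suspicious IPs, domains, hashes
    assets: set = field(default_factory=set)  # hostnames involved in the case
    users: set = field(default_factory=set)   # user names or e-mail addresses targeted

MIN_CASES = 2  # a pattern is flagged only when the same value appears in two or more cases

def _norm(value: str) -> str:
    # Case-insensitive matching so "Evil.Example" and "evil.example" count as one indicator
    return value.strip().lower()

def find_recurring(cases, min_cases=MIN_CASES):
    """Return {pattern: {value: [case ids]}} for values shared by at least min_cases cases."""
    index = {
        "IOC Reuse": defaultdict(set),
        "Asset Compromise": defaultdict(set),
        "User Targeting": defaultdict(set),
    }
    for case in cases:
        for ioc in case.iocs:
            index["IOC Reuse"][_norm(ioc)].add(case.case_id)
        for host in case.assets:
            index["Asset Compromise"][_norm(host)].add(case.case_id)
        for user in case.users:
            index["User Targeting"][_norm(user)].add(case.case_id)
    return {
        pattern: {value: sorted(ids) for value, ids in seen.items() if len(ids) >= min_cases}
        for pattern, seen in index.items()
    }

# Constructed sample cases; the IDs, addresses and hash are placeholders, not real indicators
SAMPLE_CASES = [
    Case("CASE-1001", {"203.0.113.7", "evil.example"}, {"WS-FIN-07"}, {"a.lee@example.com"}),
    Case("CASE-1002", {"203.0.113.7"}, {"SRV-DB-01"}, {"b.kim@example.com"}),
    Case("CASE-1003", {"sha256:" + "0" * 64}, {"ws-fin-07"}, {"A.Lee@example.com"}),
    Case("CASE-1004", {"Evil.Example"}, {"WS-HR-02"}, {"c.ng@example.com"}),
]

if __name__ == "__main__":
    for pattern, hits in find_recurring(SAMPLE_CASES).items():
        for value, case_ids in hits.items():
            print(f"{pattern}: {value} -> {', '.join(case_ids)}")
```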

Noise Reduction Alerts

Alerts flagged as potential false positives, which could be generating noise:

  • Low Signal: Minimal threat indicators present

  • Benign Patterns: Matches known safe activity

  • Rule Drift: Detection rules may need recalibration

Review these alerts and, if appropriate, suppress them to reduce noise and analyst fatigue.

Click AI Analysis to view the analysis from FortiAI, including confidence and brief reasoning for flagging the false positive.

The analysis is retained if the SOC analyst navigates away and returns to the FortiAI Insight pane. Click Re-run Analysis to trigger a fresh analysis from FortiAI.

Click Actions to view the Recommended Actions from FortiAI.
