Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiSOC Cloud Administration Guide

    AI overview

    AI overview

    The FortiAI service included with FortiSOC provides the following capabilities:

    • Case impact analysis, including suggested next steps for a SOC action plan

    • Threat summaries, including insights for high-risk cases, alerts, and assets

    • Threat investigation support using an AI investigation agent

    FortiAI is powered by the Fortinet FortiAI connector, which comes preconfigured for your FortiSOC instance. This FortiAI proxy is a secure intermediary that routes chat completion API requests through a controlled layer instead of sending them directly to the LLM provider.

    This connector includes the following actions:

    Action

    Description

    Chat Completion

    Chat Completions is an API endpoint that allows applications to interact with AI models using a conversation format (messages with roles like system, user, and assistant). It is used to generate responses, answer questions, automate tasks.

    Create Response

    Create an new AI response using the Responses API.

    Get Token Balance Details

    Retrieves the token balance details, including entitled tokens, top-up tokens, account tokens, and their respective remaining balances.

    FortiAI is used in the following playbooks, which can be found in Automation > Playbooks within the Fortinet FortiAI playbook collection:

    Playbook

    Description

    FortiAI - Case Impact Assessments

    This playbook leverages AI to automatically evaluate the potential business impact of a security incident, providing analysts with a prioritized risk score and context to focus on the most critical threats first.

    FortiAI - Case Extraction

    AI-powered case data extraction from security alerts for automated triage and response.

    FortiAI - Case Enrichment & Impact Analysis

    Extract information from cases and assess its impact.

    FortiAI - Case Enrichment & Impact Analysis (On Update)

    Extract information from cases (on update) and assess its impact.

    FortiAI - Case Autonomously Remediation Demo

    A demonstration playbook showcasing FortiAI's ability to autonomously investigate and remediate common security cases, providing a hands-on view of fully automated threat resolution from detection to containment.

    FortiAI - Asset Threat Posture Timeline

    Automatically generates a chronological timeline of security events and posture changes for a specific asset, giving analysts a clear, visual of its exposure to threats and the evolution of its security state.

    To leverage AI within FortiSOC, SOC analysts can:

    • execute FortiAI playbooks where relevant in the FortiSOC platform, such as within Cases or Case details. See FortiAI case enrichment.

    • open the FortiAI Insight pane to view a threat summary of cases, alerts, and assets. See FortiAI Insight.

    • prompt the FortiAI Investigation Agent for threat investigation support. See FortiAI Investigation Agent.

    Previous
    Next

    AI overview

    AI overview

    The FortiAI service included with FortiSOC provides the following capabilities:

    • Case impact analysis, including suggested next steps for a SOC action plan

    • Threat summaries, including insights for high-risk cases, alerts, and assets

    • Threat investigation support using an AI investigation agent

    FortiAI is powered by the Fortinet FortiAI connector, which comes preconfigured for your FortiSOC instance. This FortiAI proxy is a secure intermediary that routes chat completion API requests through a controlled layer instead of sending them directly to the LLM provider.

    This connector includes the following actions:

    Action

    Description

    Chat Completion

    Chat Completions is an API endpoint that allows applications to interact with AI models using a conversation format (messages with roles like system, user, and assistant). It is used to generate responses, answer questions, automate tasks.

    Create Response

    Create an new AI response using the Responses API.

    Get Token Balance Details

    Retrieves the token balance details, including entitled tokens, top-up tokens, account tokens, and their respective remaining balances.

    FortiAI is used in the following playbooks, which can be found in Automation > Playbooks within the Fortinet FortiAI playbook collection:

    Playbook

    Description

    FortiAI - Case Impact Assessments

    This playbook leverages AI to automatically evaluate the potential business impact of a security incident, providing analysts with a prioritized risk score and context to focus on the most critical threats first.

    FortiAI - Case Extraction

    AI-powered case data extraction from security alerts for automated triage and response.

    FortiAI - Case Enrichment & Impact Analysis

    Extract information from cases and assess its impact.

    FortiAI - Case Enrichment & Impact Analysis (On Update)

    Extract information from cases (on update) and assess its impact.

    FortiAI - Case Autonomously Remediation Demo

    A demonstration playbook showcasing FortiAI's ability to autonomously investigate and remediate common security cases, providing a hands-on view of fully automated threat resolution from detection to containment.

    FortiAI - Asset Threat Posture Timeline

    Automatically generates a chronological timeline of security events and posture changes for a specific asset, giving analysts a clear, visual of its exposure to threats and the evolution of its security state.

    To leverage AI within FortiSOC, SOC analysts can:

    • execute FortiAI playbooks where relevant in the FortiSOC platform, such as within Cases or Case details. See FortiAI case enrichment.

    • open the FortiAI Insight pane to view a threat summary of cases, alerts, and assets. See FortiAI Insight.

    • prompt the FortiAI Investigation Agent for threat investigation support. See FortiAI Investigation Agent.

    Previous
    Next