Using FortiAI
The FortiAI assistant can be used to navigate the GUI and perform actions. It can also be used to answer questions and query data.
The FortiAI assistant is operated using prompts. You can use natural language to request actions or information from the FortiAI assistant. If you enter a prompt that the FortiAI assistant does not understand, it will ask for more details to clarify your request. Responses from the FortiAI assistant may also include suggestions and requests for you to consider. For example, after responding to a query for information, the FortiAI assistant may ask if you would like help performing a related action.
The FortiAI assistant's responses can include text, images, widgets, and data retrieved directly from your FortiAnalyzer environment.
If you log out, close, or reload your session, you will not be able to continue your current thread with the FortiAI assistant. For example, you will not be able to reference a chart from the FortiAI assistant in the current thread after reloading.
Capabilities of FortiAI in FortiAnalyzer can be categorized into the following areas:
Category | Description |
---|---|
Incident detection | FortiAI can help to create event handlers and event handler rules for incident detection. The event handlers can be created automatically according to your prompts, and the rules are customized to your environment. For example, during log analysis, if you find a suspicious log and want to be informed of similar occurrences, you can send the following prompt to FortiAI: "Keep me updated with same log happening again." FortiAI will automatically help to create an event handler for this kind of log. |
Incident investigation | FortiAI can help to gather relevant information from multiple places in the FortiAnalyzer GUI. In addition, FortiAI can provide the context for the information, such as the threat information and the affected assets. Using these queries, you can perform an interactive investigation with FortiAI by asking follow-up questions, refining queries for information, and exploring different aspects of the incident to discover correlations within a single thread. |
Incident response | FortiAI is integrated with playbooks and connectors for incident response automation. FortiAI can also support post-incident reviews and compliance by generating detailed incident reports. Using these queries, you can collect many details related to the incident, including targeted endpoint information, event details, critical incident information, and the impact explanations. This information can be used to determine the root cause of the security threat and to initiate response measures. |
Visibility and insights | FortiAI can generate custom charts and reports from the available log data. You can specify data sources and parameters, and choose the visualization type through a guided process with FortiAI. |
When using FortiAI, your prompts should be directly related to the information the assistant is programmed to access, enabling efficient and effective data retrieval.
A valid prompt is a clear, well-defined question that the FortiAI assistant can easily interpret and process. It should be specific and relevant to the data or queries the FortiAI assistant is designed to handle. A valid prompt can be translated into precise SQL queries to retrieve accurate results.
Examples of valid prompts:
- Can you provide a summary of the latest security incidents detected?
- Could you assist in identifying any anomalies in our network traffic?
- Is there any unusual behavior observed from specific user accounts we should investigate?
- Are there any known exploits or vulnerabilities that we need to remediate immediately?
- Is there any unusual outbound network traffic that could indicate data exfiltration?
An invalid prompt is one that cannot be easily interpreted or processed by the FortiAI assistant. This typically includes prompts that are ambiguous, lack sufficient detail, or are outside the scope of the FortiAI assistant’s capabilities.
Examples of invalid prompts:
- "How many attacks will I receive tomorrow based on past trends?"
  This prompt asks for information that requires FortiAI to make assumptions. Instead, consider prompting for an analysis of the current trends, and then following up to determine possible next steps to mitigate attacks according to those trends.
- "Give me a report of PCI compliance for my infrastructure."
  This prompt is too vague, and FortiAI will likely ask for clarification, requiring more tokens. Instead, consider making the initial prompt more specific by including the related logs, devices, and/or a timeline. For more suggested best practices regarding tokens, see FortiAI tokens.

The above examples use full sentences. However, in general, using more text means using more tokens. To use tokens more efficiently, keep your prompts concise. For more information about tokens, see FortiAI tokens.
The FortiAI assistant pane includes the following:
Section | Description | |
---|---|---|
Toolbar | Click an icon to perform the related action or open the related dialog. | |
| Restart Thread | Restart the FortiAI chat thread. |
| Download Chat History | Download the current chat thread in HTML or PNG format. |
| Close | Close the FortiAI pane. This does not clear the current thread. You can continue the chat thread by re-opening the FortiAI assistant in the same session. |
Thread | Displays your prompts and the FortiAI assistant’s responses for the current thread. At the bottom of responses from the FortiAI assistant, click the help icon to display the function callback results. | |
Prompt | Enter a prompt for the FortiAI assistant, and then click send. Alternatively, you can click the microphone icon to speak a prompt for the FortiAI assistant. When available, suggested prompts display above the text box. You can click these suggestions to prompt the FortiAI assistant. | |
Monthly token usage | Displays the percentage of monthly tokens used for the current month. For more information, see FortiAI tokens. | |