ML / AI Settings
- General Configuration
- Configuring AWS ML
- Configuring Azure OpenAI for FortiAI
- Configuring FortiAI
- Cloud Machine Learning
- Configuring Azure OpenAI Services for FortiAI
General Configuration
To configure FortiAI to automatically clear incidents within a certain percentage, take the following steps.
- Navigate to Admin > Settings > Analytics > ML / AI.
- Click on the General tab.
- In the percentage field, enter the percentage to be applied to automatically clear incidents.
- Check the Auto Clear Incidents check box.
- Click Save to save the configuration.
Configuring AWS ML
See Cloud Machine Learning for set up.
Configuring Azure OpenAI for FortiAI
See Configuring Azure OpenAI Services for FortiAI for set up.
Configuring FortiAI
To configure FortiAI, take the following steps.
- Navigate to Admin > Settings > Analytics > ML / AI.
- Click on the FortiAI tab.
Note: This is only available for Super Global User. - For OpenAI Service, select OpenAI or Azure OpenAI depending whether you are using OpenAI or Azure OpenAI, respectively.
- If Azure OpenAI was selected in the prior step, in the AzureAI Resource Name field, enter the Azure AI Resource name from the foundry configuration.
- In the ChatGPT Key field, enter your ChatGPT Key.
- Click Save to save the configuration.
Cloud Machine Learning
This section describes how to configure AWS SageMaker for running FortiSIEM Machine Learning jobs in AWS.
Set Up AWS SageMaker
To set up AWS SageMaker, take the following steps.
Step 1: Create an AWS Account
If you already have an AWS account, proceed to Step 2. Make sure you have your AWS account ID for the next step.
To create an AWS account, navigate to https://portal.aws.amazon.com/billing/signup, follow the instructions there, and record your AWS account ID for use in Step 2.
Step 2: Create an IAM Administrator User and Group
When you create an AWS account, you get a single sign-in identity that has complete access to all of the AWS services and resources in the account. This identity is called the AWS account root user. Signing in to the AWS console using the email address and password that you used to create the account gives you complete access to all of the AWS resources in your account. Fortinet strongly recommends that you not use the root user for everyday tasks, even administrative ones. Instead, adhere to the Security best practices in IAM.
To create an administrator user, follow the instructions here: Creating Your First IAM User and Administrators Group.
Step 3: Create SageMaker Execution Role and Policy
To create a SageMaker execution role and policy, take the following steps.
- Open your IAM console at https://console.aws.amazon.com/iam/.
- In the left pane, under Access management, select Roles, then click Create role.
- Click on the SageMaker drop-down list, select SageMaker - Execution, then click Next to go to "Step 2 Add permissions".
- Select Next to go to "Step 3 Name, review, and create".
Note: The IAM managed policy, AmazonSageMakerFullAccess, is automatically attached to the role being created. To see the permissions included in this policy, click the carat next to the policy name. - In the Role name field, enter a name for the role, then click Create role.
- On the Roles section of the IAM console, select the role you just created.
Note: You can locate your role name by entering it partially in the Search field. - Select Add permissions, then click Create inline policy.
- Click Choose a service.
- In the Service field, enter "s3", then select s3.
- Under Actions, under Access level, select List, Read and Write.
- Under Resources, locate bucket, check the Any checkbox, then click Review policy.
- Under Review policy, in the Name field, enter the name of your policy, then click Create policy.
Configure FortiSIEM to use AWS SageMaker
Note: Ensure Amazon SageMaker is set up first.
To configure AWS for Cloud Machine Learning, take the following steps:
- Navigate to Admin > Settings > Analytics > ML / AI.
- Click on the AWS ML tab.
- In the Access Key field, enter the Access Key for your AWS Cloud account.
- In the Secret Access Key field, enter the Secret Access Key of your AWS Cloud account.
- In the Region field, enter the region where your AWS resides.
- In the S3 Bucket field, enter the S3 bucket.
- In the SageMaker Execution Role field, enter the SageMaker Execution role.
- Click Test, to test the configuration.
- If Test is successful, click Save.
Other Tasks
- Checking AWS SageMaker Training Job Status
- Checking AWS SageMaker Hyperparameter Tuning Job Status
- Checking AWS SageMaker Inference Job Status
Checking AWS SageMaker Training Job Status
To monitor your SageMaker training jobs, take the following steps.
- Navigate to https://console.aws.amazon.com/sagemaker/.
- In the left navigation pane, expand Training, select Training jobs, and from the center pane, choose the relevant task name.
Checking AWS SageMaker Hyperparameter Tuning Job Status
To check on the status of your SageMaker Hyperparameter tuning jobs, take the following steps.
- Navigate to https://console.aws.amazon.com/sagemaker/.
- In the left navigation pane, expand Training, select Hyperparameter tuning jobs, and from the center pane, choose the relevant task name.
Checking AWS SageMaker Inference Job Status
- Navigate to https://console.aws.amazon.com/sagemaker/.
- In the left navigation pane, expand Inference, select Batch transform jobs, and from the center pane, choose the relevant task name.
Implementation Notes
AWS Auto Mode Running Time
Training time for AWS Auto mode is relatively long and only suitable for large amounts of data (e.g. more than 20K rows).
Configuring Azure OpenAI Services for FortiAI
This section describes how to configure Azure OpenAI Services for FortiAI.
Step 1: Login to Azure Portal
To go to Azure OpenAI Service, take the following steps:
-
Go to the Azure home page - https://azure.microsoft.com/en-us/.
-
Click the Products drop-down and select the Azure OpenAI Service link.
-
Click Sign in, and login with your account.
Step 2: Create an Azure Resource
Take the following steps.
URL Reference: https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/create-resource?pivots=web-portal
-
Click + Create.
-
From the Create Azure OpenAI Basics page, take the following steps.
-
Under Project Details > Subscription > Resource group, click Create new to create a resource group, and select it. If you already have a resource group, you can select it without having to create one.
-
Under Instance Details > Region, select you region.
-
Under Instance Details > Name, select your instance.
-
Under Instance Details > Pricing tier, select Standard S0.
-
Click Next.
-
-
From the Create Azure OpenAI Network page, for Type, select "All networks, including the internet, can access this resource." and click Next.
-
From the Create Azure OpenAI Tags page, click Next.
-
From the Create Azure OpenAI Review + submit page, click Create.
You will see a "Deployment is in progress" message. Wait until the Status shows "Created" for the instance before proceeding to the next section.
Step 3: Deploy Models on the Azure Resource
You will need to deploy three models: gpt-4o, gpt-40-mini, and text-embedding-3-large.
Deploy the gpt-4o model
-
From the left pane, click Overview.
-
Click the Go to Azure AI Foundry portal link.
-
From the left pane, expand Shared resources and select Deployments.
-
Under Model deployments, click + Deploy model drop-down, and select Deploy base model.
-
When prompted, select the gpt-4o model, then click Confirm.
-
In the Deployment name field, enter a name, such as "gpt-4o".
-
For Deployment type, select Global Standard.
-
Click Deploy.
Deploy the gpt-4o-mini model
-
From the left pane, click Overview.
-
Click the Go to Azure AI Foundry portal link.
-
From the left pane, expand Shared resources and select Deployments.
-
Under Model deployments, click + Deploy model drop-down, and select Deploy base model.
-
When prompted, select the gpt-4o-mini model, then click Confirm.
-
In the Deployment name field, enter a name, such as "gpt-4o-mini".
-
For Deployment type, select Global Standard.
-
Click Deploy.
Deploy the text-embedding-3-large model
-
From the left pane, click Overview.
-
Click the Go to Azure AI Foundry portal link.
-
From the left pane, expand Shared resources and select Deployments.
-
Under Model deployments, click + Deploy model drop-down, and select Deploy base model.
-
When prompted, select the text-embedding-3-large model, then click Confirm.
-
In the Deployment name field, enter a name, such as "text-embedding-3-large".
-
For Deployment type, select Global Standard.
-
Click Deploy.
Verify Model Deployment
On the Model deployments page, confirm you have three models: gpt-4o, gpt-4o-mini and text-embedding-3-large, and that under the State column, that it appears as "Succeeded" for all three of them.
Adjust the Tokens per Minute Rate Limit Based on Usage
For the gpt-4o model only, take the following steps to configure the Tokens per Minute Rate Limit if needed.
-
Under the Name column, click the gpt-4o deployment name link.
-
Click Edit.
-
Under Tokens per Minute Rate Limit, use the slider to configure.
-
When done, click Save and close.