FortiInsight
FortiInsight monitors endpoint activity in the form of events. It provides automated inspection and alerts against these events in the form of policy and Augmented intelligence (AI) based inspection.
jmcritchie
Staff
Staff
Article Id 197555
Description

FortiInsight AI, or Augmented Intelligence, adds context, risks and ratings to activities on your network to find a wide range of threats.  


AI learns general facts about user behaviour in order to identify when anomalous behaviour occurs.  


Events stream in through FortiInsight; AI builds profiles for each user, and takes around a week to learn what ‘normal’ behaviour looks like for that user.  AI uses a combination of the applications a user accesses, and their actions (ie read, write, upload files, etc.)


FortiInsight uses risk scoring to categorise events in terms of how anomalous they are deemed to be. 


The ‘severity’ score comes from a combination of risk and anomalousness. 


Contributors