Security tools collect a ton of data. That is both the good news and the problem.
In this quick demo, I walk through a simple FortiAnalyzer use case where FortiAI helps turn raw log data into something easier to understand. Instead of manually building queries, digging through logs, and trying to figure out what matters, I can ask a plain-language question and let the assistant help guide the investigation.
The question: what apps are being used?
The demo starts with a simple question: what are the top applications over the last 24 hours?
That immediately surfaces RDP traffic. On its own, that is not enough reason to panic, but it is enough to ask the next question: why am I seeing RDP traffic?
That is where FortiAI becomes useful. Instead of forcing me to manually pivot through log views, filters, source addresses, destination ports, and action fields, the assistant helps fetch the supporting details and explain what is going on.
What the data showed
In this case, the RDP sessions were blocked. The sources were external addresses hitting TCP/3389 against my public IP. In plain English: random internet noise. Someone, somewhere, was trying to RDP into a public address, and the firewall was doing its job.
The useful part is not just that the traffic was blocked. The useful part is how quickly I could move through the chain of questions:
- What apps am I seeing?
- Why is RDP showing up?
- Was it allowed or blocked?
- Who were the source IPs?
- Do I need to care?
That is the real value. FortiAI helps shorten the path between “I saw something weird” and “I understand what happened.”
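To make that pivot concrete, here is an added Python example (not code from the post, and not FortiAI or FortiAnalyzer code) that runs the same chain of questions over a few constructed FortiGate-style key=value log lines: top apps in the last 24 hours, then whether the RDP sessions were blocked and which sources sent them. The field names, the sample records and the fixed "now" are assumptions for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records in FortiGate-style key=value traffic-log syntax. The field
# names (date, time, srcip, dstip, dstport, action, app) are assumed for this example.
SAMPLE_LOGS = """\
date=2024-05-01 time=09:12:01 srcip=10.0.0.5 dstip=142.250.0.1 dstport=443 action="accept" app="HTTPS"
date=2024-05-01 time=09:13:44 srcip=10.0.0.6 dstip=142.250.0.1 dstport=443 action="accept" app="HTTPS"
date=2024-05-01 time=09:15:10 srcip=10.0.0.7 dstip=9.9.9.9 dstport=53 action="accept" app="DNS"
date=2024-05-01 time=10:02:31 srcip=198.51.100.23 dstip=203.0.113.10 dstport=3389 action="deny" app="RDP"
date=2024-05-01 time=10:02:35 srcip=198.51.100.23 dstip=203.0.113.10 dstport=3389 action="deny" app="RDP"
date=2024-05-01 time=11:47:09 srcip=192.0.2.77 dstip=203.0.113.10 dstport=3389 action="deny" app="RDP"
date=2024-04-28 time=08:00:00 srcip=192.0.2.99 dstip=203.0.113.10 dstport=3389 action="accept" app="RDP"
"""
NOW = datetime(2024, 5, 1, 12, 0, 0)  # fixed "now" so the 24-hour window is reproducible

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def records_in_window(text, now=NOW, hours=24):
    """Parse all lines and keep only those inside the last `hours` hours."""
    cutoff = now - timedelta(hours=hours)
    out = []
    for line in text.splitlines():
        rec = parse_line(line)
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        if cutoff <= ts <= now:
            out.append(rec)
    return out

def top_apps(records, n=5):
    """Question 1: which applications show up most in the window?"""
    return Counter(r["app"] for r in records).most_common(n)

def rdp_triage(records):
    """Questions 2-5: for RDP (TCP/3389) sessions, was it blocked, and from where?"""
    rdp = [r for r in records if r["app"] == "RDP" or r["dstport"] == "3389"]
    blocked = [r for r in rdp if r["action"] == "deny"]
    return {
        "sessions": len(rdp),
        "blocked": len(blocked),
        "allowed": len(rdp) - len(blocked),
        "sources": sorted({r["srcip"] for r in rdp}),
        "needs_attention": len(rdp) != len(blocked),  # any allowed RDP from outside deserves a look
    }
```

Widening the window to a week pulls in the older accepted RDP record and flips `needs_attention` to true, which is why the time window is part of the question, not just the app name.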
Why this matters for FortiAnalyzer
FortiAnalyzer already gives you the log data, reporting, analytics, event handling, and visibility. The challenge for a lot of teams is time. You may have the answer sitting in the logs, but still need to know where to look, what query to build, and how to interpret the result.
FortiAI helps with that workflow by letting an analyst ask natural-language questions, summarize security events, investigate activity, and pull together context faster. It does not replace knowing how the network works. It helps you get to the useful part of the investigation faster.
My take
This is where AI actually makes sense in security operations.
Not as some magic “AI will secure everything” nonsense, but as a practical assistant sitting on top of the data you already have. Ask better questions. Get faster pivots. Summarize what happened. Identify the offenders. Confirm whether traffic was allowed or blocked. Then decide what, if anything, needs to happen next.
In this example, the answer was simple: external RDP attempts were blocked. No drama. No compromise. Just useful visibility without a bunch of manual log digging.
That is exactly the kind of workflow where FortiAI for FortiAnalyzer can help.