FortiInsight
FortiInsight monitors endpoint activity in the form of events. It provides automated inspection and alerts against these events in the form of policy and Augmented intelligence (AI) based inspection.
Kate_M
Community Manager
Article Id 191293
Description
There are two areas of severity scoring within FortiInsight: one for the rule-based policies and another for the AI alerting.

The policy alert severity level is controlled by the organisation. When a new policy is configured, the severity level for its alerts can be set (a value from 10 to 90 in increments of 10).

AI alerts are generated automatically by the machine learning models of FortiInsight. They are scored on a combination of anomalousness (how much the event deviates from normal behaviour) and risk (a static score according to the type of program, data, or activity the event represents, e.g. a cloud backup program is medium risk). These scores are combined with a weighting of 40 (deviation) / 60 (risk).

The risk category which each alert occupies (low, medium, high) is the same for both AI and policy-based alerts:

  • Low: 0 to 29
  • Medium: 30 to 59
  • High: 60 to 100
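As an added illustration (not FortiInsight's own code), the two scoring scales described above in Python. It assumes the deviation and risk inputs are each on a 0 to 100 scale and that the 40/60 weighting is a plain weighted average; the article states neither.

```python
"""Worked example of the FortiInsight severity scales described in this article.

Added illustration, not FortiInsight code. Assumption: the deviation and
risk inputs are each 0-100 and the AI score is their weighted average.
"""

DEVIATION_WEIGHT = 0.40  # anomalousness share of the AI score (from the article)
RISK_WEIGHT = 0.60       # static risk share of the AI score (from the article)

# Category bands shared by AI and policy alerts (from the article), inclusive.
BANDS = (("low", 0, 29), ("medium", 30, 59), ("high", 60, 100))


def ai_score(deviation: float, risk: float) -> int:
    """Combine anomalousness and risk with the 40/60 weighting (assumed 0-100 inputs)."""
    for name, value in (("deviation", deviation), ("risk", risk)):
        if not 0 <= value <= 100:
            raise ValueError(f"{name} must be between 0 and 100, got {value}")
    return round(DEVIATION_WEIGHT * deviation + RISK_WEIGHT * risk)


def policy_severity(level: int) -> int:
    """Validate an organisation-chosen policy severity: 10..90 in steps of 10."""
    if level not in range(10, 100, 10):
        raise ValueError(f"policy severity must be 10..90 in steps of 10, got {level}")
    return level


def category(score: int) -> str:
    """Map a 0-100 severity score to the shared low/medium/high band."""
    for name, low, high in BANDS:
        if low <= score <= high:
            return name
    raise ValueError(f"score outside 0-100: {score}")


if __name__ == "__main__":
    # Constructed samples: a moderately unusual event in a medium-risk program
    # (e.g. a cloud backup tool) versus an extreme deviation in a high-risk one.
    print(category(ai_score(deviation=30, risk=50)))  # 0.4*30 + 0.6*50 = 42 -> medium
    print(category(ai_score(deviation=95, risk=70)))  # 38 + 42 = 80 -> high
    print(category(policy_severity(20)))              # low
```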
