Aviz Networks details Network Copilot correlating FortiGate with Splunk

Aviz Networks’ blog describes Network Copilot, an agentic AI assistant that correlates FortiGate telemetry with Splunk logs in real time, so NetOps and SecOps teams can ask plain-language troubleshooting questions and get explanations tied to root cause.

Research Overview

The post frames enterprise troubleshooting as a correlation problem between distributed telemetry sources. It states that FortiGate produces firewall, policy, authentication, and threat-related logs, while Splunk gathers logs from firewalls, applications, and other network components.

According to the blog, operators often spend time performing manual correlation across systems. It positions Network Copilot as an operational assistant that conducts real-time interrogation of Splunk to connect those sources.

Key Findings

The blog says Network Copilot can review logs, configurations, and events in a way it compares to the work of an expert network and security engineer. It describes a shift away from operators navigating dashboards and escalating issues for analysis every time a question arises.

It also reports that the assistant can identify configuration changes, authentication failures, blocked communications, and policy-related problems, as well as downstream effects. The examples it gives include answering why a user is blocked and what changed in configurations over the last 24 hours.

Operational Impact

The post describes Network Copilot as intended to support L1 and L2 teams during incident response and troubleshooting workflows. It characterizes manual correlation as time-consuming because of the volume of data and the need to connect events across platforms and contexts.

For configuration change investigations, the blog states Network Copilot can identify what changed, the type of modification, who made it, which firewall policy was affected, and whether traffic behavior changed. For FortiGate access problems, it says the assistant checks whether the issue is an authentication failure, identifies who attempted access and from which IP, and distinguishes between configuration causes and security policy causes.

Leadership Perspective

The blog’s operational model centers on reducing time spent by junior staff searching and cross-referencing data while keeping engineers in control of decisions. It states Network Copilot does not replace network and security engineers, and instead helps teams save time during investigations.

In its discussion of workflow value, the post concludes that the same cross-system reasoning used for reactive troubleshooting can be directed toward identifying patterns before issues fully develop. It ties this to the agentic AI concept of explaining why an event happened and what downstream effects followed.

Overall, the blog’s account focuses on Network Copilot correlating FortiGate telemetry with Splunk logs to answer troubleshooting questions and explain root cause and downstream consequences for NetOps and SecOps workflows. This “Blog Signals brief” is a fact-based summary of the vendor blog.