Advanced Analytics

Course Overview

In this course, you will learn how to use FortiSIEM in a multi-tenant environment. You will learn about rules and their architecture, how baseline calculations are performed, how incidents are generated, the different remediation methods available, and how the MITRE ATT&CK framework integrates with FortiSIEM. You will also learn how to integrate FortiSOAR with FortiSIEM.

Prerequisites

You must have knowledge of the topics covered in the following courses, or comparable experience:

  • NSE 4 FortiGate Security
  • NSE 5 FortiSIEM
  • NSE 4 FortiGate Infrastructure

It is also highly recommended that you have an understanding of, or equivalent experience with, Python programming, the Jinja2 template language for Python, Linux systems, and SOAR technologies.

Audience Profile

  • Security professionals involved in the administration, management, configuration, and monitoring of FortiSIEM and FortiSOAR devices in an enterprise or service provider deployment used to monitor and secure the networks of customer organizations.

Learning Objectives

After completing this course, you should be able to:

  • Recognize various implementation requirements for a multi-tenant FortiSIEM deployment
  • Deploy FortiSIEM in a hybrid environment with and without collectors
  • Design multi-tenant solutions with FortiSIEM
  • Deploy collectors in a multi-tenant environment
  • Manage EPS assignment and restrictions on FortiSIEM
  • Manage resource utilization of a multi-tenant FortiSIEM cluster
  • Maintain and troubleshoot a collector installation
  • Deploy and manage Windows and Linux agents
  • Create rules by evaluating security events
  • Define actions for a single pattern security rule
  • Identify the incident attributes that trigger an incident
  • Identify multiple-pattern security rules and define conditions and actions for them
  • Differentiate between a standard report and a baseline report
  • Create your own baseline profiles
  • Examine the MITRE ATT&CK framework integration on FortiSIEM and FortiSOAR
  • Deploy FortiSIEM UEBA agents
  • Examine UEBA rules, reports, event types, and the Windows template
  • Configure clear conditions on FortiSIEM
  • Analyze some out-of-the-box remediation scripts
  • Configure various remediation methods on FortiSIEM
  • Integrate FortiSOAR with FortiSIEM
  • Remediate incidents from FortiSOAR

Content Outline

Introduction to Multi-Tenancy

Defining Collectors and Agents

Operating Collectors

Windows and Linux Agents

Rules

Single Subpattern Security Rule

Multiple Subpattern Rules

Introduction to Baseline

Baseline

UEBA

MITRE ATT&CK

Clear Conditions

Remediation

Certification

This course trains you for the NSE 7 Advanced Analytics certification exam.

FAQs

A: To attend the training session, you need a desktop or laptop that meets the required specification, along with a good internet connection to access the labs.

A: We always recommend attending the live session so that you can practise and clarify doubts immediately and get more value from your investment. However, if a contingency forces you to miss a class, Radiant Techlearning will provide the recorded session for that day. Those recordings are meant only for personal consumption and are not for distribution or any commercial use.

A: Radiant Techlearning has a data center hosting the virtual training environment used for participants' hands-on practice.

Participants can access these labs over the cloud through a remote desktop connection.

A: Learners are engaged in real-world, industry-oriented projects during the training program. These projects improve your skills and knowledge and give you practical experience that will help with future tasks and assignments.
