FortiSIEM

Course Overview

In this course, you will learn about FortiSIEM initial configuration, architecture, and the discovery of devices on the network. You will also learn how to collect performance information and aggregate it with syslog data to enrich your overall view of the health of your environment, how to use the configuration database to greatly facilitate compliance audits, and how to integrate FortiSIEM into your network awareness infrastructure.

Prerequisites

You must have a working knowledge of the topics covered in the following courses, or have comparable experience.

  • NSE 4 FortiGate Security
  • NSE 4 FortiGate Infrastructure

Audience Profile

Anyone who is responsible for the daily management of FortiSIEM should attend this course.

Learning Objectives

After completing this course, you should be able to:

  • Recognize business drivers for using SIEM tools
  • Explain SIEM and PAM concepts
  • Explain key features of FortiSIEM
  • Understand how collectors, workers, and supervisors work together
  • Configure notifications
  • Create new users and custom roles
  • Explain and enable devices for discovery
  • Understand when to use agents
  • Conduct real-time and historical structured searches
  • Group and aggregate search results
  • Examine performance metrics
  • Create custom incident rules
  • Edit existing, or create new, reports
  • Configure and customize the dashboards
  • Export CMDB information
  • Recognize Windows agent components
  • Explain the purpose of Windows agents
  • Understand how the Windows agent manager works in various deployment models
  • Recognize reports that relate to Windows agents
  • Understand the FortiSIEM Linux file monitoring agent
  • Understand agent registration
  • Monitor agent communications after deployment
  • Troubleshoot FortiSIEM issues

Content Outline

Introduction

SIEM and PAM Concepts

Discovery and FortiSIEM Agents

FortiSIEM Analytics

CMDB Lookups and Filters

Group By and Data Aggregation

Rules and MITRE ATT&CK

Incidents and Notification Policies

Certification

This course equips you for the NSE 5 FortiSIEM certification exam.

FAQs

A: To attend the training session, you should have an operational desktop or laptop with the required specifications, along with a good internet connection to access the labs.

 

A: We always recommend that you attend the live session so you can practice, clarify doubts instantly, and get more value from your investment. However, if some contingency forces you to skip a class, Radiant Techlearning will provide you with the recorded session for that particular day. Those recorded sessions are meant only for personal consumption and NOT for distribution or any commercial use.

 

A: Radiant Techlearning has a data center containing the virtual training environment for participants' hands-on practice.

Participants can easily access these labs over the cloud through a remote desktop connection.

Radiant virtual labs give you the flexibility to learn from anywhere in the world and in any time zone.

 

A: Learners will be enthralled as we engage them in real-world, industry-oriented projects during the training program. These projects will improve your skills and knowledge, and you will gain better experience. These real-time projects will help you a lot in your future tasks and assignments.

 
