Radiant

Course Overview

In this course, one will learn how to create custom parsers to extend the integration capability of FortiSIEM to a greater range of devices and custom applications. One will learn how parsers identify the type of device or application that sent the data, extract & save key information from the log, & map the device type and log information to an event type.

Prerequisites

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

NSE 4 FortiGate Security
NSE 4 FortiGate Infrastructure
NSE 5 FortiSIEM

It is also recommended that you have knowledge of programming languages and regular expressions.

Audience Profile

Cybersecurity professionals responsible for creating custom parsers on FortiSIEM should attend this course.

Learning Objectives

After accomplishment of this course, you should be able to:

Examine how FortiSIEM determines which parsers to use
Review parser terminology and steps to develop a parser
Recognize different log types and structures
Review basic & advanced regex patterns
Utilize tools for regex validation and development
Recognize appropriate uses of global & local patterns
Define local and global patterns
Recognize common string patterns in event logs
Develop event format recognizers
Configure parsing instructions to extract and map data
Create collectFieldsByRegex functions
Create setEventAttribute functions
Add comments to parser code
Construct conditional matching logic capabilities in parsers
Parse & normalize date and time from logs
Add, categorize, & query the CMDB for new parser events
Construct parsers for various log types
Control extracted strings from logs
Execute calculations on variables or attributes
Compute event severity with syslog priority values
Utilize advanced functions to parse JSON logs
Allow FortiSIEM support for logs in other language

Content Outline

Day 1

Introduction

Day 2

Regular Expressions

Day 3

Event Format Recognizers

Day 4

Parsing Instructions

Day 5

Switch-Case Constructs

Day 6

Custom CMDB Event Types

Day 7

Choose-When Constructs

Day 8

Key Value Pair Logs

Day 9

Value List Logs

Day 9

Advanced Features

FAQs

Q: What is the infrastructure required to attend your training program?

A: To attend the training session you should have an operational Desktops or Laptops with required specification along with good internet connection to access the labs.

Q: What if I miss a class on a particular day?

A: We would always recommend you to attend the live session to practice & clarify the doubts instantly and get more value from your investment. However, due to some contingency if you have to skip the class Radiant Techlearning would help you with the recorded session of that particular day. However, those recorded sessions are not meant only for personal consumption and NOT for distribution or any commercial use.

Q: How will I be accessing the labs?

A: Radiant Techlearning has a data center containing the Virtual Training environment for the purpose of participant’s hand-on-practice.

Participants can easily access these labs over Cloud with the help of remote desktop connection.

Radiant virtual labs provide you the flexibility to learn from anywhere in the world and in any time zone.

Q: What kind of projects are included as a part of training?

A: The learners will be enthralled as we engage them in real world and industry Oriented projects during the training program. These projects will improve your skills and knowledge and you will gain better experience. These real time projects, they will help you a lot in your future tasks and assignments.

Send a Message.

Enroll

FortiSIEM Parser