Course Overview
In this course, you will learn about FortiSIEM initial configurations and architecture, and the discovery of devices on the network. You will also learn how to collect performance information and aggregate it with syslog data to enrich the overall view of the health of your environment, use the configuration database to greatly facilitate compliance audits, and integrate FortiSIEM into your network awareness infrastructure.
This course does not have a certification exam.
Who should attend
Prerequisites
You should have an understanding of the topics covered in the FCF - FortiGate Operator course, or have equivalent experience.
Course Objectives
After completing this course, you will be able to:
- Describe FortiSIEM key features and deployment architectures
- Describe FortiSIEM indicators of compromise (IoC) and reputation check
- Describe how FortiSIEM receives, collects, normalizes, and enriches logs
- Describe event type classifications
- Describe customer scaling with FortiSIEM collectors and collector high availability (HA)
- Describe FortiSIEM agent architecture for managed security services providers (MSSP)
- Describe various Fortinet Security Fabric integrations
- Perform initial configurations and role-based access management (RBAC)
- Configure and troubleshoot asset discovery
- View performance metrics and perform actions in the configuration management database (CMDB)
- Deploy, assign, register, and upgrade collectors for MSSP customers
- Configure and manage collector HA
- Create and monitor critical business services
- Analyze business services dashboards
- Install and register FortiSIEM agents
- Monitor agent status on the CMDB
- Monitor events per second (EPS) usage
- Configure event dropping rules
- Configure identity and location information in the CMDB
- Deploy AI-based user entity behavior analysis (UEBA)
- Configure on-net and off-net detection, and FortiInsight watchlists
- Configure zero-trust network access (ZTNA) integration
- Create custom dashboards
- Load, save, schedule, and import reports
- Create and run CMDB and UEBA reports
- Manage collection jobs
- Define maintenance schedules
- Monitor system status with FortiSIEM health check scripts
- Collect and analyze system logs