Course Overview
In this three-day course, you will learn how to use FortiSIEM, and how to integrate FortiSIEM into your network awareness infrastructure. You will learn about initial configurations, architecture, and the discovery of devices on the network. You will also learn how to collect performance information and aggregate it with syslog data to enrich the overall view of the health of the environment. Additionally, you will learn how you can use the configuration database to greatly facilitate compliance audits.
This course is part of the preparation for the NSE 5 certification exam.
Course Objectives
Identify business drivers for using SIEM tools
Describe SIEM and PAM concepts
Describe key features of FortiSIEM
Understand how collectors, workers, and supervisors work together
Configure notifications
Create new users and custom roles
Describe the discovery process
Enable devices for discovery
Understand when to use agents
Perform real-time and historical structured searches
Group and aggregate search results
Examine performance metrics
Create custom incident rules
Edit existing, or create new, reports
Configure and customize the dashboards
Export CMDB information
Identify Windows Agent components
Describe what Windows Agents are used for
Understand how the Windows Agent Manager works in various deployment models
Identify reports that relate to Windows Agents
Understand FortiSIEM Linux File Monitoring Agent
Understand agent registration
Monitor agent communications after deployment
System Requirements
If you take the online format of this class, you must use a computer that has the following:
- A high-speed Internet connection
- An up-to-date web browser
- A PDF viewer
- Speakers or headphones
- HTML 5 support, or an up-to-date Java Runtime Environment (JRE) with the Java plugin enabled in your web browser
You should use a wired Ethernet connection, not a WiFi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.
Who Should Attend?
Anyone who is responsible for day-to-day management of FortiSIEM.
- Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
- Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to-date information.
- Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
- Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
- Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
- Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.
Agenda
1 - Introduction
2 - SIEM and PAM Concepts
3 - Discovery
4 - FortiSIEM Analytics
5 - CMDB Lookups and Filters
6 - Group By and Aggregations
7 - Rules
8 - Incidents and Notification Policies
9 - Reports and Dashboards
10 - Maintaining and Tuning
11 - FortiSIEM Agents