Advanced Analytics Course Training | FCSS in Security Operations Certification

In this course, you will learn how to use FortiSIEM in a multi-tenant environment. You will learn about rules and their architecture, how incidents are generated, how baseline calculations are performed, the different methods of remediation available, and how the MITRE ATT&CK framework integrates with FortiSIEM. You will also learn how to integrate FortiSOAR with FortiSIEM.

Product Versions:

FortiSIEM 6.3.0
FortiSOAR 7.0.1
FortiGate 7.0.1

Associated Certifications:

Fortinet Certified Solution Specialist (FCSS): Security Operations (Core Exam)

After completing this course, you should be able to:

Identify various implementation requirements for a multi-tenant FortiSIEM deployment
Deploy FortiSIEM in a hybrid environment with and without collectors
Design multi-tenant solutions with FortiSIEM
Deploy collectors in a multi-tenant environment
Manage EPS assignment and restrictions on FortiSIEM
Manage resource utilization of a multi-tenant FortiSIEM cluster
Maintain and troubleshoot a collector installation
Deploy and manage Windows and Linux agents
Create rules by evaluating security events
Define actions for a single pattern security rule
Identify the incident attributes that trigger an incident
Identify multiple pattern security rules and define conditions and actions for them
Differentiate between a standard and baseline report
Create your own baseline profiles
Examine the MITRE ATT&CK framework integration on FortiSIEM and FortiSOAR
Deploy FortiSIEM UEBA agents
Examine UEBA rules, reports, event types, and windows template
Configure clear conditions on FortiSIEM
Analyze some out-of-the-box remediation scripts
Configure various remediation methods on FortiSIEM
Integrate FortiSOAR with FortiSIEM
Remediate incidents from FortiSOAR

Introduction to Multi-Tenancy
Defining Collectors and Agents
Operating Collectors
Windows and Linux Agents
Rules
Single Subpattern Security Rule
Multiple Subpattern Rules
Introduction to Baseline
Baseline
UEBA
MITRE ATT&CK
Clear Conditions
Remediation

Security professionals involved in the management, configuration, administration, and monitoring of FortiSIEM and FortiSOAR devices in an enterprise or service provider deployment used to monitor and secure the networks of customer organizations.

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

NSE 4 FortiGate Security
NSE 4 FortiGate Infrastructure
NSE 5 FortiSIEM

It is also highly recommended that you have an understanding, or equivalent experience with, Python programming, Jinja2 template language for Python, Linux systems, and SOAR technologies.

Overview

Product Versions:

FortiSIEM 6.3.0
FortiSOAR 7.0.1
FortiGate 7.0.1

Associated Certifications:

Fortinet Certified Solution Specialist (FCSS): Security Operations (Core Exam)

Objective

After completing this course, you should be able to:

Identify various implementation requirements for a multi-tenant FortiSIEM deployment
Deploy FortiSIEM in a hybrid environment with and without collectors
Design multi-tenant solutions with FortiSIEM
Deploy collectors in a multi-tenant environment
Manage EPS assignment and restrictions on FortiSIEM
Manage resource utilization of a multi-tenant FortiSIEM cluster
Maintain and troubleshoot a collector installation
Deploy and manage Windows and Linux agents
Create rules by evaluating security events
Define actions for a single pattern security rule
Identify the incident attributes that trigger an incident
Identify multiple pattern security rules and define conditions and actions for them
Differentiate between a standard and baseline report
Create your own baseline profiles
Examine the MITRE ATT&CK framework integration on FortiSIEM and FortiSOAR
Deploy FortiSIEM UEBA agents
Examine UEBA rules, reports, event types, and windows template
Configure clear conditions on FortiSIEM
Analyze some out-of-the-box remediation scripts
Configure various remediation methods on FortiSIEM
Integrate FortiSOAR with FortiSIEM
Remediate incidents from FortiSOAR

Outline

Introduction to Multi-Tenancy
Defining Collectors and Agents
Operating Collectors
Windows and Linux Agents
Rules
Single Subpattern Security Rule
Multiple Subpattern Rules
Introduction to Baseline
Baseline
UEBA
MITRE ATT&CK
Clear Conditions
Remediation

Target audience

Prerequisites

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

NSE 4 FortiGate Security
NSE 4 FortiGate Infrastructure
NSE 5 FortiSIEM

It is also highly recommended that you have an understanding, or equivalent experience with, Python programming, Jinja2 template language for Python, Linux systems, and SOAR technologies.

Päivämäärille

` 12 Aug - 14 Aug, 2024
` 9 Sep - 11 Sep, 2024
` 7 Oct - 9 Oct, 2024
` 4 Nov - 6 Nov, 2024
` 2 Dec - 4 Dec, 2024
` 30 Dec - 1 Jan, 2025

Advanced Analytics

Päivämäärille

Follow Up Courses

FortiAnalyzer Administrator

FortiAnalyzer Analyst

Cloud Security for Azure

FortiSwitch

OT Security

Public Cloud Security

FortiEDR

NSE 4 – FortiGate v7.2 Bundle Training

FortiWeb Administrator

Zero Trust Access

Know someone who´d be interested in this course?
Let them know...

Advanced Analytics

Päivämäärille

Follow Up Courses

FortiAnalyzer Administrator

FortiAnalyzer Analyst

Cloud Security for Azure

FortiSwitch

OT Security

Public Cloud Security

FortiEDR

NSE 4 – FortiGate v7.2 Bundle Training

FortiWeb Administrator

Zero Trust Access

Know someone who´d be interested in this course? Let them know...

Know someone who´d be interested in this course?
Let them know...