Duration: 3 Days (19 Hours)
Advanced Analytics Course Overview:
This course focuses on multi-tenant FortiSIEM deployments. You will gain comprehensive knowledge of the FortiSIEM rules architecture, incident generation, baseline calculations, remediation techniques, and advanced analytics using nested queries and lookup tables. You will also learn to integrate FortiSOAR with FortiSIEM, so that you can manage and optimize security operations in complex, multi-tenant environments.
- This course is intended for security professionals who manage, configure, administer, and monitor FortiSIEM and FortiSOAR deployments, in an enterprise or service provider environment, that are used to monitor and secure the networks of customer organizations.
Learning Objectives of Advanced Analytics:
Upon successful completion of this course, you will possess the following capabilities:
- Recognition of the prerequisites and implementation requirements of a multi-tenant FortiSIEM deployment.
- Proficiency in deploying FortiSIEM in a hybrid environment, both with and without collectors.
- Ability to design multi-tenant solutions using FortiSIEM.
- Skill in deploying collectors within a multi-tenant environment.
- Competence in managing Events Per Second (EPS) allocations and limits on FortiSIEM.
- Knowledge of effectively managing resource utilization within a multi-tenant FortiSIEM cluster.
- Proficiency in maintenance and troubleshooting of collector installations.
- Expertise in deploying and managing Windows and Linux agents.
- Capability to create rules by assessing security events.
- Skill in defining actions for single-pattern security rules.
- Understanding of multiple-pattern security rules and the ability to define their conditions and actions.
- Differentiation between standard and baseline reports, along with the skill to create customized baseline profiles.
- Proficiency in deploying FortiSIEM User and Entity Behavior Analytics (UEBA) agents.
- Competence in examining log-based UEBA rules for advanced analytics.
- Proficiency in working with nested queries and configuring lookup tables for advanced analytics.
- Configuration of clear conditions on FortiSIEM rules, so that incidents are cleared automatically once the triggering condition no longer holds, for effective event management and analysis.
Advanced Analytics Course Outline:
- Introduction to Multi-Tenancy
- Defining FortiSIEM Collectors and FortiSOAR
- Operating Collectors
- Windows and Linux Agents
- Single Subpattern Security Rules
- Multiple Subpattern Rules
- Baseline Rules
- FortiSIEM UEBA
- Nested Queries and Lookup Tables
- Clear Conditions
Advanced Analytics Course Prerequisites:
You must have an understanding of the topics covered in the following courses, or have equivalent experience:
- NSE 4 FortiGate Security
- NSE 4 FortiGate Infrastructure
- NSE 5 FortiSIEM
It is also recommended that you have an understanding of the following topics, or have equivalent experience:
- Python programming
- Jinja2 templating language for Python
- Linux systems
- SOAR technologies
This course comes with following benefits:
- Practice labs
- Training by certified trainers
- Access to the recordings of your class sessions for 90 days
- Digital courseware
- 24/7 learner support