NSE7: Advanced Analytics (FortSIEM Advanced)
Schedule
| Start | End | Duration | Location | Details |
|---|
Course Details
NSE7: Advanced Analytics (FortSIEM Advanced)
Duration: 3 Days
Course Code: FT-ADA
Prerequisites:
• Knowledge of network protocols
• Basic understanding of firewall concepts
• Basic understanding of SIEM products
• Basic understanding of Linux
• It is highly recommended that you have an understanding of the topics covered in the NSE 5 FortiSIEM course.
Intended Audience:
Security professionals involved in the management, configuration, administration, and monitoring of FortiSIEM devices in an enterprise or service provider deployment used to monitor and secure the networks of customer organizations should attend this course.
Course Objectives:
• Identify various implementation requirements for a multi-tenant FortiSIEM deployment
• Understand how FortiSIEM can be deployed in a hybrid environment with and without collectors
• Understand EPS restrictions on FortiSIEM
• Define organizations on FortiSIEM and assign collectors to organizations
• Deploy collectors in a multi-tenant solution
• Register collectors on the supervisor
• Understand the impact of excessive collectors on a FortiSIEM cluster
• Identify the impact of excessive collectors on a FortiSIEM cluster
• Manage EPS assignment on collectors
• Manage collector high availability
• Maintain and troubleshoot a collector installation
• Install Windows and Linux agents and identify the benefits of log collection through agents
• Understand agent architecture and associate templates with Windows and Linux agents
• Understand rule processes architecture and differentiate between a rule worker and a rule master
• Understand how the rule engine sliding time window works when it is evaluating rules
• Understand the out-of-the-box single pattern security rules and how to create rules by evaluating security events
• Define actions for a single pattern security rule
• Understand incident generation and identify the attributes that trigger an incident
• Identify multiple pattern security rules and define conditions and actions for them
• Understand how baseline data is useful in creating conditions in rules
• Differentiate between a standard report and a baseline report
• Understand the built-in baseline profile and learn to create your own baseline profiles
• Understand how statistical average and standard deviation calculations are performed on FortiSIEM
• Understand hourly buckets for weekdays and weekends
• Clone and edit some out-of-the-box baseline rules
• Understand clear conditions on FortiSIEM and walk through a rule with clear conditions
• Learn about remediation options on FortiSIEM and analyze some out-of-the-box remediation scripts
Course Outlines:
• Introduction to Multi-tenancy
• Defining Collectors and Agents
• Operating Collectors
• FortiSIEM Windows and Linux Agents
• Rules Breakdown
• Single Subpattern Security Rule
• Multiple Subpattern Rules
• Introduction to Baseline
• Baseline Rules
• Clear Conditions
• Remediation