FortiSIEM Parser

Course Details

Duration: 2 Days

Course Code: FT-FSM-PSR

Prerequisites:

A basic understanding of programming languages and regular expressions would be an asset. It is also recommended that you have an understanding of the topics covered in NSE 5 FortiSIEM, or have equivalent experience.

Course Description:

In this two-day course, you will learn how to create custom parsers to extend FortiSIEM’s scope to as-yet unknown devices and custom applications whose log formats would not otherwise be understood by FortiSIEM.

You will learn how parsers recognize the type of device or application that sent the data, extract and save key information from the log, and map the device type and log information to an event type.

Course Objectives:

After completing this course, you should be able to:

•    Describe the steps to create a parser
•    Create simple regular expressions
•    Use local and global patterns
•    Identify what information to extract from the log
•    Recognize different log formats
•    Extract data and map it to variables and attributes
•    Understand pattern matching
•    Understand the switch construct
•    Understand the choose construct
•    Add events to CMDB
•    Understand key value pairs
•    Work with sets of key value pairs
•    Handle value list logs
•    Understand parser order
•    Clone a system parser
•    Add different languages

Intended Audience:

Anyone who is responsible for day-to-day management of FortiSIEM.

Course Outlines:

•    Introduction
•    Regular Expressions
•    Parser Recognizers
•    Collect Fields by RegEx
•    Switch Construct
•    Adding Events to the CMDB
•    Choose Construct
•    Handling Key Value Pair Logs
•    Handling Value List Logs
•    Advanced Features