NSE7: FortiSoar Design & Development

Schedule

Start End Duration Location Details

Course Details

FortiSOAR Design and Development

Duration: 3 Days

Course Code: FT-FSR-DEV

Prerequisite:

Familiarity with Python programming, and the Jinja2 templating language for Python is required to benefit from this course.

Familiarity with the following Fortinet products is beneficial:
•    FortiGate
•    FortiSIEM
•    FortiMail

Course Description:

In this interactive course, you will learn how to use FortiSOAR to design simple to complex playbooks. You will learn to create your own dashboards using various built-in widgets, and install widgets from the widget library. You will review the dashboards that are built-in to FortiSOAR and learn to edit them according to your requirements.

In practical labs, you will explore the role of FortiSOAR in mitigating malicious indicators and creating interactive dashboards to display relevant information about alerts and incidents. You will design a playbook to extract indicators from a phishing email alert. You will also design a playbook to enrich those indicators using connectors to query threat intelligence platforms, such as FortiGuard. You will also design a playbook to mitigate malicious indicators by blocking them on FortiGate. You will configure a FortiSIEM connector to ingest incidents into FortiSOAR.

Course Objectives:

After completing this course, you should be able to:

•    Identify the role of FortiSOAR in a SOC environment
•    Plan a FortiSOAR deployment
•    Manage incidents and alerts in a SOC environment
•    Explore, create, and customize dashboards
•    Explore the structure of a template
•    Create, customize, and analyze various dashboard widgets
•    Create, customize, and publish modules
•    Search for records and filter search records
•    Analyze field-type options in the field editor
•    Categorize playbook trigger types
•    Build a user prompt from a manual trigger step
•    Understand the basics of Jinja syntax
•    Define variables and dictionaries in Jinja
•    Configure step utilities within a playbook step
•    Configure various core steps of a playbook
•    Use the advanced editor within a playbook step
•    Analyze the details of an approval record
•    Review the connector store
•    Understand connector configuration
•    Configure different modes of data ingestion    

•    Configure data ingestion from FortiSIEM
•    Install and configure connectors and apply them to a playbook
•    Configure various utility steps
•    Configure referenced playbooks
•    Configure and use dynamic variables and values
•    Use expressions to customize playbook input and outputs
•    Use common Jinja filters and functions
•    Use the json_query filter to extract data from complex data structures
•    Configure for loop functions and if statements

Intended Audience:

This course is intended for cybersecurity professionals responsible for planning, designing, and customizing FortiSOAR deployments, integrating FortiSOAR with FortiGate, FortiSIEM, and FortiMail, and FortiSOAR playbook design and development.

Course Outline:

•    Introduction to FortiSOAR
•    Dashboard Templates and Widgets
•    Module Templates and Widgets
•    Application Editor
•    Dynamic Variables and Values
•    Jinja Filters, Functions, and Conditions
•    Introduction to Playbooks
•    Playbook Core Steps
•    Playbook Evaluate Steps
•    Playbook Connectors, Data Ingestion, and Execution Steps

Copyright © 2020 - Trends Academy All Rights Reserved