Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Fortinet Advanced Analytics
The Fortinet Advanced Analytics course will teach you about rules and their architecture, how incidents are generated, how baseline calculations are performed, the different methods of remediation available, and how the nested queries and lookup tables work for advanced analytics using FortiSIEM. You will also learn how to integrate FortiSOAR with FortiSIEM. This course prepares you for the Fortinet NSE 7 - Advanced Analytics 6.3.
Course Overview
Overall Proficiency Level
3 - Advanced
Course Prerequisites
You must have an understanding of the topics covered in the following courses, or have equivalent experience:
- FortiGate Administrator (previously FortiGate Security and FortiGate Infrastructure)
- FCP - FortiSIEM
It is also recommended that you have an understanding of the following topics, or have equivalent experience:
- Python programming
- Jinja2 templating language for Python
- Linux systems
- SOAR technologies
Training Purpose
Management Development
Skill Development
Specific Audience
All
Delivery Method
Classroom
Online, Instructor-Led
Course Locations
8890 McGaw Road
Suite 200
Columbia, MD 21045
625 W Adams Street
Chicago, IL 60661
5908 Headquarters Drive
Suite 400
Plano, TX 75024
201 N Franklin St
Floor 37
Tampa, FL 33602
40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281
Learning Objectives
- Identify various implementation requirements for a multi-tenant FortiSIEM deployment
- Deploy FortiSIEM in a hybrid environment with and without collectors
- Design multi-tenant solutions with FortiSIEM
- Deploy collectors in a multi-tenant environment
- Manage EPS assignment and restrictions on FortiSIEM
- Manage resource utilization of a multi-tenant FortiSIEM cluster
- Maintain and troubleshoot a collector installation
- Deploy and manage Windows and Linux agents
- Create rules by evaluating security events
- Define actions for a single pattern security rule
- Identify multiple pattern security rules and define conditions and actions for them
- Differentiate between a standard and baseline report
- Create your own baseline profiles
- Deploy FortiSIEM UEBA agents
- Examine log-based UEBA rules
- Examine nested queries for advanced analytics
- Configure lookup tables for advanced analytics
- Configure clear conditions on FortiSIEM
- Analyze some out-of-the-box remediation scripts
- Configure various remediation methods on FortiSIEM
- Integrate FortiSOAR with FortiSIEM
- Remediate incidents from FortiSOAR
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.
Last Published Date: