Learning Objectives

After completing this course, you will be able to:
Describe FortiSIEM key features and deployment architectures
Describe FortiSIEM indicators of compromise (IoC) and reputation check
Describe how FortiSIEM receives, collects, normalizes, and enriches logs
Describe event type classifications
Describe customer scaling with FortiSIEM collectors and collector high availability (HA)
Describe FortiSIEM agent architecture for managed security services providers (MSSP)
Describe various Fortinet Security Fabric integrations
Perform initial configurations, and role-based access management (RBAC)
Configure and troubleshoot asset discovery
View performance metrics and perform actions in the configuration management database (CMDB)
Deploy, assign, register, and upgrade collectors for MSSP customers
Configure and manage collector HA
Create and monitor critical business services
Analyze business services dashboards
Install and register FortiSIEM agents
Monitor agent status on the CMDB
Monitor events per second (EPS) usage
Configure event dropping rules
Configure identity and location information in the CMDB
Deploy AI-based user entity behavior analysis (UEBA)
Configure on-net and off-net detection, and FortiInsight watchlists
Configure zero-trust network access (ZTNA) integration
Create custom dashboards
Load, save, schedule, and import reports
Create and run CMDB and UEBA reports
Manage collection jobs
Define maintenance schedules
Monitor system status with FortiSIEM health check scripts
Collect and analyze system logs