
Install and configure the Fortinet FortiSIEM 40 SIM supervisor all-in-one from an OVA, allocate multi-disk storage, set up networking, run the automated configuration, register the license, and configure ClickHouse storage.
Install and register a FortiCollector with the FortiSIEM supervisor, following the same steps as the collector installation, and configure hostname, IP, DNS, and login.
Enrich FortiSIEM by installing Sysmon, applying the config XML, and updating the agent template to include the Sysmon channel for high-fidelity Windows logs.
Explore how Fortinet FortiSIEM integrates Sysmon logs and adopts Sigma rules to detect malicious PowerShell behavior, and learn to develop and translate Sigma rules into FortiSIEM rules.
Translate a Sigma rule into a FortiSIEM rule by enabling command prompt and PowerShell auditing, mapping logs to FortiSIEM fields, and translating process creation events for detection.
Learn to deploy a FortiSIEM Linux agent, enable file integrity monitoring, and detect tampering via built-in FIM rules during an attack simulation on a Linux server.
FortiSIEM automatically discovers devices, applications, and users to build a CMDB, using SNMP, SSH, syslog, and NetFlow, with FortiGate as the example.
Configure and monitor FortiGate devices with FortiSIEM using SSH credentials to retrieve running configurations, enforce password authentication, and validate discoveries alongside SNMP monitoring.
Learn to locate and create FortiSIEM reports across 3000+ options, organize them in ABC folders, define conditions and display columns, run schedules, and save results for dashboards.
Configure an NFS archive to extend FortiSIEM's event retention by linking an NFS server to the ClickHouse online storage and applying 3-month online and 12-month archive retention.
Add a new data-plane interface to FortiSIEM, separate data and management networks, relocate the Linux agent, configure static routes and a FortiGate virtual IP, and test the isolated path.
Do you want to enter the SIEM field?
Do you want to learn one of the leading SIEM technologies?
Do you want to understand the concepts and gain hands-on experience with Fortinet FortiSIEM?
Then this course is designed for you. Step by step, you will learn Fortinet FortiSIEM.
FortiSIEM is a highly scalable, multi-tenant Security Information and Event Management (SIEM) solution that provides real-time infrastructure and user awareness for threat detection, analysis, and reporting.
FortiSIEM provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.
FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government.
Companies around the world use FortiSIEM for the following use cases:
- Threat management and intelligence that provide situational awareness and anomaly detection
- Alleviating compliance mandate concerns for PCI, HIPAA, and SOX
- Managing "alert overload"
- Handling the "too many tools" reporting issue
- Detecting unusual user and entity behavior (UEBA) without requiring the administrator to write complex rules
- Addressing the MSP/MSSP pain of meeting service level agreements
Fortinet FortiSIEM was previously known as AccelOps.
The course covers the following topics:
- Introduction
- Foundations and Reference Architecture
- Scale-Out Architecture
- Distributed Event Correlation
- Clustering Architecture
- Licensing
- High Availability and Disaster Recovery - ClickHouse
- FortiSIEM Sizing - ClickHouse
- All-In-One Supervisor Installation
- FortiCollector Installation & Registration
- FSM GUI simplified
- Windows Agent Installation, Registration and Template Association
- Search via Analytics page
- Incidents, Rules Development and Troubleshooting
- Sysmon Log Integration into FortiSIEM
- Sigma Rules and Sysmon Rule Development
- Command Line / PowerShell Auditing and Sigma Rule Translation
- Attack Scenario, File Integrity Monitoring and Linux Agent Installation
- Dashboards and Business Services
- Reports
- Device Discovery - FortiGate - SNMP, SSH, SYSLOG, and NETFLOW
- Discovery Settings, CMDB Groups, Business Services and Custom Properties
- Upload New License File
- NFS Archive and Retention Policy
- Validate and Search Archives
- ClickHouse Warm Tier disk addition to Extend Online Retention
- Splitting Data & Control Planes - Adding Network Interface to FortiSIEM
- Deep Dive on FortiSIEM Licensing and Part Numbers
Please note that downloading the FortiSIEM image and obtaining a license requires a FortiCare entitlement or active Fortinet partner status.