Fortinet FortiSOAR From Zero To Hero
Rating: 4.4 out of 5 (220 ratings)
2,655 students

Learn a state-of-the-art security product that is a must-have in any SOC arsenal: Fortinet FortiSOAR.
Created by Hatem Metwally
Last updated 4/2023
English

What you'll learn

  • Security Orchestration, Automation and Response (SOAR)
  • FortiSOAR
  • Use Cases
  • Hands-On
  • SOAR
  • Playbooks
  • Incident Response
  • Cyber Threat Intelligence
  • Fortinet

Course content

3 sections • 28 lectures • 12h 50m total length
  • Introduction (17:53)

    Fortinet FortiSOAR automates alert processing and incident response with playbooks and workflows, linking detection sources to crisis war room collaboration in a SOC.

  • Installation (23:43)

    Download the FortiSOAR 44 VMware Enterprise OVA from Fortinet support, import it, and configure network settings before activating a trial license.

  • GUI Demystified - part1 (51:22)

    Navigate Fortinet FortiSOAR's GUI and master the initial deployment: set up proxy and licenses, follow the deploy, streamline, accelerate, maintain framework, and configure data ingestion, enrichment, and basic playbooks.

  • GUI Demystified - part2 (58:13)
  • Foundations and Architecture (30:02)

    Understand FortiSOAR foundations, architecture, and deployment models, including unified incident response, alert triaging automation, SOC optimization, and enterprise and multi-tenant architectures.

  • Ingesting FortiSIEM Incidents into FortiSOAR (18:46)

    Ingest FortiSIEM incidents into FortiSOAR by configuring connectors, mapping fields, and triggering ingestion playbooks to automate high-severity incident response.

  • Ingesting Microsoft Exchange Office365 messages into FortiSOAR (15:06)

    Configure the Exchange connector to ingest Office 365 emails into FortiSOAR and trigger automated incident response playbooks for suspicious or phishing emails.

  • Installing and Configuring VirusTotal Connector (3:08)

    Install and configure the VirusTotal Connector in FortiSOAR to retrieve IP, domain, URL, and file reputation, then run playbooks with actions such as get IP reputation and submit URL.

  • Dashboards, Templates and Widgets (49:58)

    Explore dashboards, templates, and widgets in Fortinet FortiSOAR, create custom layouts with rows, columns, tabs, and iframe widgets, and visualize alerts, incidents, and performance metrics.

  • Module Templates (36:43)

    Explore Fortinet FortiSOAR module templates from zero to hero, covering dashboard templates, list and detailed views, header and primary detail widgets, playbooks, audit timelines, relationships, and SLA countdown timers.

  • Searches and Filters (11:12)

    Explore how global searches span alerts, incidents, tags, attachments, and content hub, and learn to refine results with module-level filters, exact-match tags, and saved or default filters.

  • Application Editor (29:55)

    Learn how to use the application editor to create or edit modules, define fields and display templates, configure RBAC, and publish changes for your FortiSOAR instance.

Requirements

  • Intermediate Unix/Linux Skills
  • Intermediate Network Security Concepts

Description

Fortinet FortiSOAR is a holistic Security Orchestration, Automation and Response (SOAR) workbench, designed for SOC teams to efficiently respond to the ever-increasing influx of alerts, repetitive manual processes, and shortage of resources. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.


FortiSOAR is an extremely flexible product with many important and useful features, which, along with outstanding customer support, bring the SOC environment to the next level.


FortiSOAR provides the ability to customize the GUI and effectively shape the SOC working environment. "Fewer clicks is better!" Robust integration with 3rd-party tools: many API-based connectors with example playbooks that can be easily adapted to company needs. Customer support: great attitude, professionalism, very customer oriented.


Through baby steps, you will learn important Fortinet FortiSOAR topics that include, but are not limited to, the following:


Part I - FortiSOAR Basics

Lecture 1: Introduction

Lecture 2: Installation

Lecture 3: GUI Demystified - part1

Lecture 4: GUI Demystified - part2

Lecture 5: Foundations and Architecture

Lecture 6: Ingesting FortiSIEM Incidents into FortiSOAR

Lecture 7: Ingesting Microsoft Exchange Office365 messages into FortiSOAR

Lecture 8: Installing and Configuring VirusTotal Connector

Lecture 9: Dashboards, Templates and Widgets

Lecture 10: Module Templates

Lecture 11: Searches and Filters

Lecture 12: Application Editor


Part II - Playbooks

Lecture 13: Playbooks introduction & Trigger Steps

Lecture 14: Playbooks Core steps

Lecture 15: Playbooks Evaluate steps

Lecture 16: Playbooks Execute steps and others

Lecture 17: Designing Our First playbook - Reassign Analyst

Lecture 18: Perform IP Enrichment for Newly Added IOC

Lecture 19: Create Critical Alert for Bad IOC, Approve, and [Manually] Block on Firewall

Lecture 20: Create Critical Alert for Bad IOC, Approve, and [Auto] Blocking on Firewall

Lecture 21: Generalize IOC Lookup/Auto-Block Playbook for Bad IP and URL

Lecture 22: Perform IP Enrichment from 2 CTIs & Manipulate IBM XForce Results using Code Snippet Step

Lecture 23: Increasing the Resiliency of IP Enrichment

Lecture 24: Automate IOC Extraction From CTI Advisories

Lecture 25: Playbooks Nesting and Parameters Passing

Lecture 26: Playbooks Nesting and Parameters Passing - Part2 (Hands-On)


Appendix

Lecture 27: CLI and Troubleshooting

Lecture 28: Avoid Playbooks Running Forever Condition



Enroll and gain a new competitive skill that is booming and in high demand nowadays in the Information Security domain.


Please note that downloading the FortiSOAR image and license requires a FortiCare entitlement or being an active Fortinet partner.


Who this course is for:

  • Network Security Specialists & Administrators
  • SOC Operators & Analysts
  • Information Security Specialists