
Fortinet FortiSOAR automates alert processing and incident response with playbooks and workflows, linking detection sources to crisis war room collaboration in a SOC.
Download the FortiSOAR 44 VMware Enterprise OVA from Fortinet support, import it, and configure network settings before activating a trial license.
Navigate Fortinet FortiSOAR's GUI and master the initial deployment: set up proxy and licenses, follow the deploy, streamline, accelerate, maintain framework, and configure data ingestion, enrichment, and basic playbooks.
Understand FortiSOAR foundations, architecture, and deployment models, including unified incident response, alert triaging automation, SOC optimization, and enterprise and multi-tenant architectures.
Ingest FortiSIEM incidents into FortiSOAR by configuring connectors, mapping fields, and triggering ingestion playbooks to automate high-severity incident response.
Configure the exchange connector to ingest Office 365 emails into FortiSOAR and trigger automated incident response playbooks for suspicious or phishing emails.
Install and configure the VirusTotal Connector in FortiSOAR to retrieve IP, domain, URL and file reputation, then run playbooks with actions like get IP reputation and submit URL.
Explore dashboards, templates, and widgets in Fortinet FortiSOAR, create custom layouts with rows, columns, tabs, and iframe widgets, and visualize alerts, incidents, and performance metrics.
Explore Fortinet FortiSOAR module templates from zero to hero, covering dashboard templates, list and detailed views, header and primary detail widgets, playbooks, audit timelines, relationships, and SLA countdown timers.
Explore how global searches span alerts, incidents, tags, attachments, and content hub, and learn to refine results with module-level filters, exact-match tags, and saved or default filters.
Learn how to use the application editor to create or edit modules, define fields and display templates, configure RBAC, and publish changes for your FortiSOAR instance.
Explore how FortiSOAR playbooks automate incident response with sequential steps, trigger options (manual and event), and API endpoints, plus connectors, collections, and variables.
Explore the core steps of Fortinet FortiSOAR playbooks, including create, update, and find records, ingest bulk feeds, and set variables, with loop, conflict handling, and error controls.
Explore how to design evaluate steps in Fortinet FortiSOAR playbooks, including decision, wait, approval, manual task, and manual input, with conditions, branches, and escalation.
Learn to build Fortinet FortiSOAR playbooks with execute steps, connectors, utilities, and code snippets; perform VirusTotal IP reputation lookups, send emails, and manage API key authentication and privileges.
Design and deploy a bulk reassign workflow in Fortinet FortiSOAR, using a manual trigger and update records to assign alerts to level three analysts, with variables and debugging.
Perform IP enrichment for newly added indicators using VirusTotal in Fortinet FortiSOAR. Build an on-create playbook that retrieves IP reputation and classifies it as malicious, suspicious, or safe.
Trigger a FortiSOAR playbook on IP indicators, use VirusTotal IP reputation to flag them as malicious or suspicious, create a critical alert, seek approval, and block the IP on FortiGate after approval.
Automate critical IOC responses by routing analyst approvals to a FortiGate connector that creates the IOC address object, adds it to a firewall policy, and blocks it automatically.
Generalize your IOC blocking playbook to handle IP and URL IOCs by integrating VirusTotal lookups, web filter updates, and FortiGate blocks.
Learn to harden FortiSOAR IP enrichment by building resilient lookups from VirusTotal and IBM X-Force, using computed scores, error handling, and variable-driven decision logic to prevent failures.
Automate IOC extraction from CTI advisories in Fortinet FortiSOAR by building a playbook that converts file attachments into indicator records using the file content extractor and extract indicators.
Explore playbook nesting and parameter passing in FortiSOAR, learning to split complex tasks into layered master and child playbooks, share input records, and pass variables and results.
Master nested playbooks in FortiSOAR by passing parameters between parent and child blocks, using set variable steps to return results, and orchestrating VirusTotal and X-Force reputation lookups.
Learn to access the FortiSOAR CLI via SSH to check, stop, and restart services for troubleshooting, using basic Unix commands on CentOS 7.9.
Avoid infinite playbook loops by not ending with the same action that starts them; use manual or on-create triggers instead of on-update to protect reputation updates and prevent license waste.
Fortinet FortiSOAR is a holistic Security Orchestration, Automation and Response (SOAR) workbench, designed for SOC teams to respond efficiently to the ever-increasing influx of alerts, repetitive manual processes, and shortage of resources. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
FortiSOAR is an extremely flexible product with many important and useful features, which along with outstanding customer support brings the SOC environment to the next level.
FortiSOAR provides the ability to customize the GUI and shape the SOC working environment effectively. "Less clicks is better!" Robust integration with 3rd party tools - many API-based connectors with example playbooks which can be easily adapted to company needs. Customer Support - great attitude, professionalism, very customer-oriented.
Step by step, you will learn important Fortinet FortiSOAR topics that include, but are not limited to, the following:
Part I - FortiSOAR Basics
Lecture 1: Introduction
Lecture 2: Installation
Lecture 3: GUI Demystified - Part 1
Lecture 4: GUI Demystified - Part 2
Lecture 5: Foundations and Architecture
Lecture 6: Ingesting FortiSIEM Incidents into FortiSOAR
Lecture 7: Ingesting Microsoft Exchange Office365 messages into FortiSOAR
Lecture 8: Installing and Configuring VirusTotal Connector
Lecture 9: Dashboards, Templates and Widgets
Lecture 10: Module Templates
Lecture 11: Searches and Filters
Lecture 12: Application Editor
Part II - Playbooks
Lecture 13: Playbooks introduction & Trigger Steps
Lecture 14: Playbooks Core steps
Lecture 15: Playbooks Evaluate steps
Lecture 16: Playbooks Execute steps and others
Lecture 17: Designing Our First playbook - Reassign Analyst
Lecture 18: Perform IP Enrichment for Newly Added IOC
Lecture 19: Create Critical Alert for Bad IOC, Approve, and [Manually] Block on Firewall
Lecture 20: Create Critical Alert for Bad IOC, Approve, and [Auto] Blocking on Firewall
Lecture 21: Generalize IOC Lookup/Auto-Block Playbook for Bad IP and URL
Lecture 22: Perform IP Enrichment from 2 CTIs & Manipulate IBM XForce Results using Code Snippet Step
Lecture 23: Increasing the Resiliency of IP Enrichment
Lecture 24: Automate IOC Extraction From CTI Advisories
Lecture 25: Playbooks Nesting and Parameters Passing
Lecture 26: Playbooks Nesting and Parameters Passing - Part 2 (Hands-On)
Appendix
Lecture 27: CLI and Troubleshooting
Lecture 28: Avoid Playbooks Running Forever Condition
Enroll and gain a competitive new skill that is booming and in high demand in the Information Security domain.
Please note that downloading the FortiSOAR image and obtaining a license requires a FortiCare entitlement or active Fortinet partner status.