
Explore FortiSIEM deployment options across hardware, os packages, and virtualization types (vmware, kvm, hyper-v) plus cloud (aws, gcp, azure) with 64 gb ram and 32 cpu core sizing.
Onboard a worker in FortiSIEM by adding a worker node in VMware, entering the IPv4 address, selecting VM, configuring /dev/sdc, and ensuring communication without extra CLI steps.
Understand log flow in the FortiSIEM architecture: syslog to collector via supervisor, with agents validating licenses; use a collector proxy to reach remote supervisors for SNMP, JDBC, and cloud traffic.
Explain how keeper clusters manage shards, replicas, and replication in a multi-tenant MSSP setup, with supervisors handling oversight and per-organization shard distribution.
Discover how FortiSIEM integrates devices across cloud services such as AWS, Azure, and GCP, plus servers, apps, and network devices, using JDBC and syslog, with parsers for custom logs.
FortiSIEM deployment for a midsize organization guides integrating firewall, switches, Windows and Linux servers, cloud services, and email security using documentation, SNMP, syslog, and CloudWatch steps.
Learn to integrate Active Directory LDAP users with FortiSIEM to log in using LDAP credentials. Configure credentials, base DN, and external authentication to discover AD users into the CMDB.
Configure SNMP integration in FortiSIEM by setting credentials for SNMP v2 or v3, testing connectivity, and discovering devices to monitor uptime, downtime, and usage.
Learn to integrate VirusTotal and FortiGuard IOC with FortiSIEM: configure external integrations, enter API keys, set up automation policies, and auto-populate reputation for new incidents.
Integrate threat intel into FortiSIEM by enabling IOC services, scheduling hourly updates for malware IP lists, and linking these feeds to rules that trigger alerts.
Download the FortiSIEM Windows and Linux agents from the support portal and downloads page, choose version 7.2.2, download the zip files via https, and save them for installation.
FortiSIEM – Engineer's Guide for Deployment and Configuration
Course Description:
This comprehensive, hands-on course is designed for security engineers, SOC analysts, MSSP professionals, and IT administrators who want to master the deployment, configuration, and operational management of Fortinet's FortiSIEM platform. Covering over 300 minutes of in-depth training, this course takes you from foundational concepts to advanced implementation strategies across real-world enterprise and MSSP environments.
FortiSIEM is a powerful, scalable Security Information and Event Management (SIEM) solution that combines security monitoring with performance analytics. Whether you're new to FortiSIEM or looking to refine your deployment and tuning skills, this course equips you with the knowledge and tools needed to build, customize, and maintain a robust security monitoring environment.
What You Will Learn:
FortiSIEM Architecture Overview
Understanding core components: Supervisor, Worker, Collector, and Database
Deployment models for SMBs, Enterprises, and MSSPs
Installation and Initial Setup
System requirements and sizing for EPS/GB/day
VM-based and hardware appliance deployments
Network architecture and deployment planning
Device Integration and Log Collection
Onboarding devices (Fortinet, Cisco, Windows, Linux, Palo Alto, etc.)
Configuring syslog, SNMP, WMI, and agent-based collection
Troubleshooting parser and log ingestion issues
Parser and Event Normalization
Custom parser creation for unsupported log sources
Debugging and testing event patterns
Mapping events to CMDB assets and log types
Rules, Alerts, and Correlation
Writing detection rules with filters and patterns
Use case implementation (Brute Force, Malware Activity, Policy Violations)
Alert enrichment and auto-remediation options
Dashboards, Reports, and CMDB
Building role-based dashboards and KPI widgets
Generating compliance-ready reports (PCI-DSS, ISO, NIST)
Managing the Configuration Management Database (CMDB)
Multi-Tenancy and MSSP Configuration
Isolating tenant data and access
Designing scalable MSSP architecture
Resource allocation and performance optimization
System Hardening and Best Practices
Backup and disaster recovery planning
Retention, storage, and archive configuration
Performance tuning and EPS optimization
Advanced Topics
Threat intelligence (CTI) integration
Playbook and incident response automation
API usage for integration with external systems (SOAR, ticketing, etc.)
Who Should Take This Course:
Security Engineers and Analysts
SOC Managers and Architects
MSSP Operators
Fortinet Partners and Consultants
IT Admins seeking in-house SIEM solutions
Prerequisites:
Basic knowledge of networking and security operations
Familiarity with Fortinet or other security tools (helpful, not mandatory)
Understanding of log formats and system logs
Course Features:
5+ hours of video content
Hands-on lab demonstrations
Real-world implementation scenarios
Quizzes and configuration walkthroughs
Downloadable documentation templates and scripts
Access to a private Q&A forum