Fortinet FortiSIEM - Un BootCamp Paso a Paso

Resumen

Tackle cyber threats in real time by using powerful, scalable, and efficient SIEM security software. That’s FortiSIEM.

What you'll learn:

Security Information and Event ManagementSIEMFortinet FortiSIEMHands-ONUse Cases Do you want to enter the SIEM field? Do you want to learn one of the leaders SIEM technologies?

Do you want to understand the concepts and gain the handson on Fortinet FortiSIEM? Then this course is designed for you.

Through baby steps you will learn Fortinet FortiSIEM FortiSIEM is a highly scalable multi-tenant Security Information and Event Management (SIEM) solution that provides real time infrastructure and user awareness for threat detection, analysis and reporting. FortiSIEM provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government.

Companies around the world use FortiSIEM for the following use cases:

Threat management and intelligence that provide situational awareness and anomaly detectionAlleviating compliance mandate concerns for PCI, HIPAA and SOXManaging “alert overload”Handling the “too many tools” reporting issueDetect unusual user and entity behavior (UEBA) without requiring the Administrator to write complex rules.Addressing the MSPs/MSSPs pain of meeting service level agreementsFortinet FortiSIEM was previously known as FortiSIEM, AccelOps.The course is covering below topics- Introduction- Foundations and Reference Architecture- Scale-Out Architecture- Distributed Event Correlation- Clustering Architecture- Licensing- High Availability and Disaster Recovery - ClickHouse- FortiSIEM Sizing - ClickHouse- All-In-One Supervisor Installation- FortiCollector Installation & Registeration- FSM GUI simplified- Windows Agent Installation, Registeration and Template Association- Search via Analytics page- Incidents, Rules Development and Troubleshooting- Sysmon Log Integration into FortiSIEM- Sigma Rules and Sysmon Rule Development- Command Line_Powershell Auditing and Sigma Rule Translation- Attack Scenario, File Integrity Monitoring and Linux Agent Installation- Dashboards and Business Services- Reports- Device Discovery - FortiGate - SNMP, SSH, SYSLOG, and NETFLOW- Discovery Settings, CMDBGroups, Business Services and Custom Properties- Upload New License File- NFS Archive and Retention Policy- Validate and Search Archives- ClickHouse Warm Tier disk addition to Extend Online Retention- Splitting Data & Control Planes - Adding Network Interface to FortiSIEM- Deep Dive on FortiSIEM Licensing and Part Numbers

Programa

• Introducción a SIEM
¿Qué es SIEM?
Panorama de la industria SIEM
• Introducción a Fortinet FortiSIEM
Características clave de FortiSIEM
Panorama de la arquitectura de FortiSIEM
• Instalación y configuración
Requisitos del sistema
Opciones de implementación
Pasos de configuración inicial
• Ingesta de datos y análisis
Métodos de recolección de eventos
Configuración de conectores y analizadores
• Monitoreo y alertas
Monitoreo en tiempo real
Configuración de alertas y notificaciones
• Respuesta a incidentes
Investigación y gestión de incidentes
Automatización de acciones de respuesta
• Informes y análisis
Creación de informes personalizados
Uso del análisis para obtener información
• Mejores prácticas de FortiSIEM
Optimización del rendimiento
Consejos de escalabilidad
• Estudios de caso y casos de uso
Aplicaciones de FortiSIEM en el mundo real
Historias de éxito
• Conclusión del curso
Revisión de los conceptos clave
Sesión de preguntas y respuestas

---

Impartido por

Hatem Metwally

---

Materias

Information Security (InfoSec)