What you need to know before you start

Starts 4 June 2026 11:05

Ends 4 June 2026


Fortinet FortiSIEM - A Step-by-Step BootCamp

Tackle cyber threats in real time by using powerful, scalable, and efficient SIEM security software. That's FortiSIEM.
via Udemy

4160 Courses


11 hours 10 minutes

Optional upgrade available

Not Specified

Self-paced

Paid Course


Overview

Tackle cyber threats in real time by using powerful, scalable, and efficient SIEM security software. That’s FortiSIEM.

What you'll learn:

  • Security Information and Event Management
  • SIEM
  • Fortinet FortiSIEM
  • Hands-on
  • Use Cases

Do you want to enter the SIEM field? Do you want to learn one of the leading SIEM technologies?

Do you want to understand the concepts and gain hands-on experience with Fortinet FortiSIEM? Then this course is designed for you.

Step by step, you will learn Fortinet FortiSIEM.

FortiSIEM is a highly scalable, multi-tenant Security Information and Event Management (SIEM) solution that provides real-time infrastructure and user awareness for threat detection, analysis and reporting. FortiSIEM provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass. FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government.

Companies around the world use FortiSIEM for the following use cases:

  • Threat management and intelligence that provide situational awareness and anomaly detection
  • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
  • Managing “alert overload”
  • Handling the “too many tools” reporting issue
  • Detecting unusual user and entity behavior (UEBA) without requiring the Administrator to write complex rules
  • Addressing the MSPs/MSSPs pain of meeting service level agreements

Fortinet FortiSIEM was previously known as FortiSIEM, AccelOps.

The course covers the following topics:

  • Introduction
  • Foundations and Reference Architecture
  • Scale-Out Architecture
  • Distributed Event Correlation
  • Clustering Architecture
  • Licensing
  • High Availability and Disaster Recovery - ClickHouse
  • FortiSIEM Sizing - ClickHouse
  • All-In-One Supervisor Installation
  • FortiCollector Installation & Registration
  • FSM GUI simplified
  • Windows Agent Installation, Registration and Template Association
  • Search via Analytics page
  • Incidents, Rules Development and Troubleshooting
  • Sysmon Log Integration into FortiSIEM
  • Sigma Rules and Sysmon Rule Development
  • Command Line/PowerShell Auditing and Sigma Rule Translation
  • Attack Scenario, File Integrity Monitoring and Linux Agent Installation
  • Dashboards and Business Services
  • Reports
  • Device Discovery - FortiGate - SNMP, SSH, SYSLOG, and NETFLOW
  • Discovery Settings, CMDBGroups, Business Services and Custom Properties
  • Upload New License File
  • NFS Archive and Retention Policy
  • Validate and Search Archives
  • ClickHouse Warm Tier disk addition to Extend Online Retention
  • Splitting Data & Control Planes - Adding Network Interface to FortiSIEM
  • Deep Dive on FortiSIEM Licensing and Part Numbers

Syllabus

  • Introduction to SIEM
    • What is SIEM?
    • Overview of the SIEM industry
  • Introduction to Fortinet FortiSIEM
    • Key features of FortiSIEM
    • Overview of the FortiSIEM architecture
  • Installation and Configuration
    • System requirements
    • Deployment options
    • Initial configuration steps
  • Data Ingestion and Analysis
    • Event collection methods
    • Configuring connectors and parsers
  • Monitoring and Alerting
    • Real-time monitoring
    • Configuring alerts and notifications
  • Incident Response
    • Incident investigation and management
    • Automating response actions
  • Reports and Analytics
    • Creating custom reports
    • Leveraging analytics to gain insights
  • FortiSIEM Best Practices
    • Performance optimization
    • Tips for scalability
  • Case Studies and Use Cases
    • Real-world applications of FortiSIEM
    • Success stories
  • Course Summary
    • Review of key concepts
    • Question-and-answer session

Taught by

Hatem Metwally


Subjects

Information Security (InfoSec)