Modal title

Modal body text goes here.

The Fortinet Certified Trainer (FCT) assessment is a trainer evaluation process in which each candidate has to prove their training delivery skills. The FCT assessment is a two-day assessment that evaluates the FCT candidate’s ability to maintain Fortinet’s quality standards in technical knowledge, skills and instructional abilities.

Who can apply?

The FCT assessment candidate should be a Fortinet employee or a candidate sponsored by an ATC who has submitted proof of reference, along with an online application form. An FCT candidate who wants to apply for an FCT assessment must meet the following knowledge and experience eligibility requirements:

  • Extensive technical knowledge and skills in network security and cybersecurity
  • Five years of relevant experience in network security and cybersecurity
  • Certification in the required NSE training courses
  • Five years of experience in training delivery in IT security
  • Demonstrable training facilitation and delivery skills

If you meet all of these requirements you can apply for the FCT assessment!

Please contact fct@fortinet.com for queries and suggestions.

Skip to main content
Training Institute
  • Library
  • Schedule
  • Certifications
  • ATC
  • Academic Partner Program
  • Fast Track Workshops
  • Log in
  • Training
  • Library

Advanced Analytics

Download Course Description
Course Description

In this course, you will learn how to use FortiSIEM in a multi-tenant environment. You will learn about rules and their architecture, how incidents are generated, how baseline calculations are performed, the different methods of remediation available, and how the nested queries and lookup tables work for advanced analytics using FortiSIEM. You will also learn how to integrate FortiSOAR with FortiSIEM.

Who Should Attend

Security professionals involved in the management, configuration, administration, and monitoring of FortiSIEM and FortiSOAR devices—in an enterprise or service provider deployment—that are used to monitor and secure the networks of customer organizations should attend this course.

Prerequisites

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

  • FCP - FortiGate Security
  • FCP - FortiGate Infrastructure
  • FCP - FortiSIEM

It is also recommended that you have an understanding of the following topics, or have equivalent experience:

  • Python programming
  • Jinja2 templating language for Python
  • Linux systems
  • SOAR technologies
Agenda
  1. Introduction to Multi-Tenancy
  2. Defining FortiSIEM Collectors and FortiSOAR Connectors
  3. Operating Collectors
  4. Windows and Linux Agents
  5. Rules
  6. Single Subpattern Security Rules
  7. Multiple Subpattern Rules
  8. Baselines
  9. Baseline Rules
  10. FortiSIEM UEBA
  11. Nested Queries and Lookup Tables
  12. Clear Conditions
  13. Remediation
Objectives

After completing this course, you should be able to:

  • Identify various implementation requirements for a multi-tenant FortiSIEM deploymen
  • Deploy FortiSIEM in a hybrid environment with and without collectors
  • Design multi-tenant solutions with FortiSIEM
  • Deploy collectors in a multi-tenant environment
  • Manage EPS assignment and restrictions on FortiSIEM
  • Manage resource utilization of a multi-tenant FortiSIEM cluster
  • Maintain and troubleshoot a collector installation
  • Deploy and manage Windows and Linux agents
  • Create rules by evaluating security events
  • Define actions for a single pattern security rule
  • Identify multiple pattern security rules and define conditions and actions for them
  • Differentiate between a standard and baseline report
  • Create your own baseline profiles
  • Deploy FortiSIEM UEBA agents
  • Examine log-based UEBA rules
  • Examine nested queries for advanced analytics
  • Configure lookup tables for advanced analytics
  • Configure clear conditions on FortiSIEM
  • Analyze some out-of-the-box remediation scripts
  • Configure various remediation methods on FortiSIEM
  • Integrate FortiSOAR with FortiSIEM
  • Remediate incidents from FortiSOAR
System Requirements

If you take the online format of this class, you must use a computer that has the following:

  • A high-speed Internet connection
  • An up-to-date web browser
  • A PDF viewer
  • Speakers or headphones
  • One of the following:
    • HTML 5 support
    • An up-to-date Java Runtime Environment (JRE) with Java Plugin enabled on your web browser

You should use a wired Ethernet connection, not a WiFi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.

Enroll Now

Access the latest self-paced training version
Purchasing Process

More information on how to purchase instructor-led courses, on-demand labs, exam vouchers, and study material.
Find an Instructor-Led Class

Browse our schedule for upcoming classes delivered by Fortinet.
Product Versions
  • FortiSIEM 6.7.4
  • FortiSOAR 7.3.2
  • FortiGate 7.2.2
Course Duration
  • Lecture time (estimated): 10 hours
  • Lab time (estimated): 9 hours
  • Total course duration (estimated): 19 hours
    • 3 full days or 5 half days
Formats
  • Instructor-led (classroom and online)
  • Self-paced online
ISC2
  • CPE training hours: 10
  • CPE lab hours: 9
  • CISSP domains: Security Operations
Part Number (SKU)

See Purchasing Process for more information

Exam

This course prepares you for the Fortinet NSE 7 - Advanced Analytics 6.7. By passing this exam, you will be awarded the associated exam badge.

Certification

This exam is in the FCSS Security Operations certification track.

  • Dashboard
  • Library
  • Schedule
You are not logged in. (Log in)
Data retention summary