In this three-day course, you will learn how to use FortiSIEM in a multi-tenant environment. You will learn to add various organizations to FortiSIEM and discover devices from each organization. You will learn to differentiate logs and
events from each organization and apply appropriate rules. You will dive deep into rules and their architecture. You will also learn about incidents and how they are generated when a rule is triggered. You will learn about different
clear conditions. You will also dive deep into baseline calculations performed on FortiSIEM. You will learn to create your own baseline profile and run queries based on the profile. Finally, you will learn the methods of remediation
available on FortiSIEM.
In interactive labs, you will explore the role of FortiSIEM in a service provider environment. You will configure FortiSIEM in a cluster with a worker and NFS server for data storage. You will add organizations to FortiSIEM and manage
the scope of each organization. You will register collectors from those organizations on FortiSIEM. You will also register Linux and Windows agents. You will analyze events from different organizations and understand how those events
trigger some of the built-in rules. You will create your own rules and generate security events to trigger incidents for those rules.