Modal title

Modal body text goes here.

The Fortinet Certified Trainer (FCT) assessment is a trainer evaluation process in which each candidate has to prove their training delivery skills. The FCT assessment is a two-day assessment that evaluates the FCT candidate’s ability to maintain Fortinet’s quality standards in technical knowledge, skills and instructional abilities.

Who can apply?

The FCT assessment candidate should be a Fortinet employee or a candidate sponsored by an ATC who has submitted proof of reference, along with an online application form. An FCT candidate who wants to apply for an FCT assessment must meet the following knowledge and experience eligibility requirements:

  • Extensive technical knowledge and skills in network security and cybersecurity
  • Five years of relevant experience in network security and cybersecurity
  • Certification in the required NSE training courses
  • Five years of experience in training delivery in IT security
  • Demonstrable training facilitation and delivery skills

If you meet all of these requirements you can apply for the FCT assessment!

Please contact fct@fortinet.com for queries and suggestions.

Skip to main content
NSE Institute
  • Library
  • Schedule
  • Certifications
  • ATC
  • Network Security Academy
  • Log in
  • Training
  • Library

Advanced Analytics

Learn at your own pace or choose a format that suits you best.

Download Course Description
Course Description
  • How to use FortiSIEM in a multi-tenant environment
  • How to add various organizations to FortiSIEM and discover devices from each organization
  • How to differentiate logs and events from each organization and apply appropriate rules
  • How to dive deep into rules and their architecture
  • About incidents and how they are generated when a rule is triggered
  • About different clear conditions
  • How to dive deep into baseline calculations performed on FortiSIEM
  • How to create your own baseline profile and run queries based on the profile
  • About the methods of remediation available on FortiSIEM, including:
    • The concept of machine learning and AI on FortiSIEM
    • How FortiInsight is tightly integrated with FortiSIEM
    • How to identify UEBA events and the built-in rules that trigger UEBA alerts
    • The MITRE ATT&CK framework and how it integrates with FortiSIEM
    • How to integrate FortiSOAR with FortiSIEM and map tenants on FortiSIEM to FortiSOAR

In interactive labs, you will:

  • Explore the role of FortiSIEM in a service provider environment
  • Configure FortiSIEM in a cluster with a worker and NFS server for data storage
  • Add organizations to FortiSIEM and manage the scope of each organization
  • Register collectors from those organizations on FortiSIEM
  • Register Linux and Windows agents
  • Analyze events from different organizations and understand how those events trigger some of the built-in rules
  • Create your own rules and generate security events to trigger incidents for those rules
  • Generate several different types of ransomware and malware incidents on FortiSIEM and explore them through the MITRE ATT&CK framework view
  • Build the AI model using simulated events and trigger an anomaly
  • Explore various attributes of a UEBA incident
Who Should Attend

Security professionals involved in the management, configuration, administration, and monitoring of FortiSIEM and FortiSOAR devices in an enterprise or service provider deployment used to monitor and secure the networks of customer organizations should attend this course.

Participants should have a thorough understanding of all the topics covered in the NSE 5 FortiSIEM and NSE 7 FortiSOAR Design & Development courses before attending the NSE 7 Advanced Analytics course.

Agenda
  1. Introduction to Multi-Tenancy
  2. Defining Collectors and Agents
  3. Operating Collectors
  4. Windows and Linux Agents
  5. Rules
  6. Single Subpattern Security Rule
  7. Multiple Subpattern Rules
  8. Introduction to Baseline
  9. Baseline
  10. UEBA
  11. MITRE ATT&CK
  12. Clear Conditions
  13. Remediation
Objectives

After completing this course, you should be able to:

  • Identify various implementation requirements for a multi-tenant FortiSIEM deployment
  • Understand how FortiSIEM can be deployed in a hybrid environment with and without collectors
  • Understand multi-tenancy on FortiSOAR
  • Understand EPS restrictions on FortiSIEM
  • Define organizations on FortiSIEM and assign collectors to organizations
  • Deploy collectors in a multi-tenant solution
  • Register collectors on the supervisor
  • Understand the impact of excessive collectors on a FortiSIEM cluster
  • Identify the impact of excessive collectors on a FortiSIEM cluster
  • Manage EPS assignment on collectors
  • Maintain and troubleshoot a collector installation
  • Install Windows and Linux agents and identify the benefits of log collection through agents
  • Understand agent architecture and associate templates with Windows and Linux agents
  • Understand rule processes architecture and differentiate between a rule worker and a rule master
  • Understand how the rule engine sliding time window works when it is evaluating rules
  • Understand the out-of-the-box single pattern security rules and how to create rules by evaluating security events
  • Define actions for a single pattern security rule
  • Understand incident generation and identify the attributes that trigger an incident
  • Identify multiple pattern security rules and define conditions and actions for them
  • Understand how baseline data is useful in creating conditions in rules
  • Differentiate between a standard report and a baseline report
  • Understand the built-in baseline profile and learn to create your own baseline profiles
  • Understand how statistical average and standard deviation calculations are performed on FortiSIEM
  • Understand hourly buckets for weekdays and weekends
  • Understand what MITRE ATT&CK is
  • Understand how the MITRE ATT&CK framework fits with the FortiSIEM incident process
  • Explore incidents in the MITRE ATT&CK framework on FortiSIEM
  • View rule coverage in the MITRE ATT&CK framework on FortiSIEM
  • Drill down incidents from the MITRE ATT&CK framework on FortiSIEM
  • Explore the MITRE ATT&CK framework on FortiSOAR
  • Understand UEBA agent deployment
  • Understand the AI module
  • Understand the UEBA algorithm
  • Understand the UEBA rules, UEBA reports, UEBA event types, and UEBA windows template
  • Understand clear conditions on FortiSIEM and walk through a rule with clear conditions
  • Learn about remediation options on FortiSIEM and analyze some out-of-the-box remediation scripts
  • Learn to remediate incidents from FortiSOAR
System Requirements

If you take the online format of this class, you must use a computer that has the following:

  • A high-speed Internet connection
  • An up-to-date web browser
  • A PDF viewer
  • Speakers or headphones
  • One of the following:
    • HTML 5 support
    • An up-to-date Java Runtime Environment (JRE) with Java Plugin enabled on your web browser

You should use a wired Ethernet connection, not a WiFi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.

Enroll Now

Access the self-paced training
Find a Class

Browse our schedule for upcoming classes
Formats
  • Instructor-led classroom
  • Instructor-led online
  • Self-paced online
Product Versions

  • FortiSIEM 6.3.0
  • FortiSOAR 7.0.1
  • FortiGate 7.0.1

Part Number (SKU)
  • FT-ADA: Instructor-led course
  • FT-ADA-LAB: Lab access within self-paced course
Contact your local Fortinet Reseller for purchase and pricing information 

Prerequisites
  • Knowledge of network protocols
  • Basic understanding of firewall concepts
  • Basic understanding of SIEM products
  • Basic understanding of SOAR products
  • Familiarity with Python programming, and the Jinja2 templating language for Python is recommended
  • Basic understanding of Linux

It is highly recommended that you have an understanding of the topics covered in the NSE 5 FortiSIEM course.

It is recommended that you have an understanding of the topics covered in the NSE 7 FortiSOAR Design & Development course.

Certification

This course prepares you for the NSE 7 Advanced Analytics certification exam.

  • Library
  • Schedule
You are not logged in. (Log in)
  • Library
  • Schedule
  • Certifications
  • ATC
  • Network Security Academy
Data retention summary