Modal title

Modal body text goes here.

The Fortinet Certified Trainer (FCT) assessment is a trainer evaluation process in which each candidate has to prove their training delivery skills. The FCT assessment is a two-day assessment that evaluates the FCT candidate’s ability to maintain Fortinet’s quality standards in technical knowledge, skills and instructional abilities.

Who can apply?

The FCT assessment candidate should be a Fortinet employee or a candidate sponsored by an ATC who has submitted proof of reference, along with an online application form. An FCT candidate who wants to apply for an FCT assessment must meet the following knowledge and experience eligibility requirements:

  • Extensive technical knowledge and skills in network security and cybersecurity
  • Five years of relevant experience in network security and cybersecurity
  • Certification in the required NSE training courses
  • Five years of experience in training delivery in IT security
  • Demonstrable training facilitation and delivery skills

If you meet all of these requirements you can apply for the FCT assessment!

Please contact fct@fortinet.com for queries and suggestions.

Skip to main content
Training Institute
  • Library
  • Schedule
  • Certifications
  • ATC
  • Academic Partner Program
  • Fast Track Workshops
  • Log in
  • Training
  • Library

FortiSIEM Administrator

Download Course Description
Course Description

In this course, you will learn about FortiSIEM initial configurations and architecture, and the discovery of devices on the network. You will also learn how to collect performance information and aggregate it with syslog data to enrich the overall view of the health of your environment, use the configuration database to greatly facilitate compliance audits, and integrate FortiSIEM into your network awareness infrastructure.

Who Should Attend

Security professionals involved in the deployment, administration, maintenance, and troubleshooting of FortiSIEM devices should attend this course.

Prerequisites

You should have an understanding of the topics covered in the FCF - FortiGate Operator course, or have equivalent experience.

Agenda
  1. Architecture
  2. SIEM and PAM Concepts
  3. Discovery
  4. Collectors
  5. Agents
  6. Fortinet Fabric Integration
  7. Reports and Dashboards
  8. Maintaining and Tuning
  9. Troubleshooting
Objectives

After completing this course, you will be able to:

  • Describe FortiSIEM key features and deployment architectures
  • Describe FortiSIEM indicators of compromise (IoC) and reputation check
  • Describe how FortiSIEM receives, collects, normalizes, and enriches logs
  • Describe event type classifications 
  • Describe customer scaling with FortiSIEM collectors and collector high availability (HA)
  • Describe FortiSIEM agent architecture for managed security services providers (MSSP)
  • Describe various Fortinet Security Fabric integrations
  • Perform initial configurations, and role-based access management (RBAC)
  • Configure and troubleshoot asset discovery
  • View performance metrics and perform actions in the configuration management database (CMDB)
  • Deploy, assign, register, and upgrade collectors for MSSP customers
  • Configure and manage collector HA
  • Create and monitor critical business services
  • Analyze business services dashboards
  • Install and register FortiSIEM agents
  • Monitor agent status on the CMDB
  • Monitor events per second (EPS) usage
  • Configure event dropping rules
  • Configure identity and location information in the CMDB
  • Deploy AI-based user entity behavior analysis (UEBA)
  • Configure on-net and off-net detection, and FortiInsight watchlists
  • Configure zero-trust network access (ZTNA) integration
  • Create custom dashboards
  • Load, save, schedule, and import reports
  • Create and run CMDB and UEBA reports
  • Manage collection jobs
  • Define maintenance schedules
  • Monitor system status with FortiSIEM health check scripts
  • Collect and analyze system logs
System Requirements

If you take the online format of this class, you must use a computer that has the following:

  • A high-speed internet connection
  • An up-to-date web browser
  • A PDF viewer
  • Speakers or headphones
  • One of the following:
    • HTML5 support
    • An up-to-date Java Runtime Environment (JRE) with Java Plugin enabled on your web browser

You should use a wired Ethernet connection, not a Wi-Fi connection. Firewalls, including Windows Firewall or FortiClient, must allow connection to the online labs.

Enroll Now

Access the latest self-paced training version

Purchasing Process

More information on how to purchase instructor-led courses, on-demand labs, exam vouchers, and study material.

Find an Instructor-Led Class

Browse our schedule for upcoming classes delivered by Fortinet.

Product Versions
  • FortSIEM 7.2
Course Duration
  • Lecture time (estimated): 7 hours
  • Lab time (estimated): 8 hours
  • Total course duration (estimated): 15 hours
    • 3 full day or 4 half days
Formats
  • Instructor-led (classroom and online)
  • Self-paced online
ISC2
  • CPE training hours: 7
  • CPE lab hours: 8
  • CISSP domains: Security Operations
Part Number (SKU)

See Purchasing Process for more information

Certification

This course does not have a certification exam.

  • Dashboard
  • Library
  • Schedule
You are not logged in. (Log in)
Data retention summary