Modal title

Modal body text goes here.

The Fortinet Certified Trainer (FCT) assessment is a trainer evaluation process in which each candidate has to prove their training delivery skills. The FCT assessment is a two-day assessment that evaluates the FCT candidate’s ability to maintain Fortinet’s quality standards in technical knowledge, skills and instructional abilities.

Who can apply?

The FCT assessment candidate should be a Fortinet employee or a candidate sponsored by an ATC who has submitted proof of reference, along with an online application form. An FCT candidate who wants to apply for an FCT assessment must meet the following knowledge and experience eligibility requirements:

  • Extensive technical knowledge and skills in network security and cybersecurity
  • Five years of relevant experience in network security and cybersecurity
  • Certification in the required NSE training courses
  • Five years of experience in training delivery in IT security
  • Demonstrable training facilitation and delivery skills

If you meet all of these requirements you can apply for the FCT assessment!

Please contact fct@fortinet.com for queries and suggestions.

Skip to main content
Training Institute
  • Library
  • Schedule
  • Certifications
  • ATC
  • Academic Partner Program
  • Fast Track Workshops
  • Log in
  • Training
  • Library

FortiSIEM Parser

Learn at your own pace or choose a format that suits you best.

Download Course Description
Course Description

In this course, you will learn how to create custom parsers to extend the integration capability of FortiSIEM to a wider range of devices and custom applications. You will learn how parsers recognize the type of device or application that sent the data, extract and save key information from the log, and map the device type and log information to an event type.

Who Should Attend

Cybersecurity professionals responsible for creating custom parsers on FortiSIEM should attend this course.

Prerequisites

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

  • NSE 4 FortiGate Security
  • NSE 4 FortiGate Infrastructure
  • NSE 5 FortiSIEM

It is also recommended that you have knowledge of programming languages and regular expressions.

Agenda
  1. Introduction
  2. Regular Expressions
  3. Event Format Recognizers
  4. Parsing Instructions
  5. Switch-Case Constructs
  6. Custom CMDB Event Types
  7. Choose-When Constructs
  8. Key Value Pair Logs
  9. Value List Logs
  10. Advanced Features
Objectives

After completing this course, you will be able to do the following:

  • Examine how FortiSIEM determines which parsers to use
  • Review parser terminology and steps to create a parser
  • Identify different log types and structures
  • Review basic and advanced regex patterns
  • Use tools for regex validation and development
  • Identify appropriate uses of global and local patterns
  • Define local and global patterns
  • Identify common string patterns in event logs
  • Create event format recognizers
  • Configure parsing instructions to extract and map data
  • Build collectFieldsByRegex functions
  • Build setEventAttribute functions
  • Add comments to parser code
  • Build conditional matching logic capabilities in parsers
  • Parse and normalize date and time from logs
  • Add, categorize, and query the CMDB for new parser events
  • Create parsers for various log types
  • Manipulate extracted strings from logs
  • Perform calculations on variables or attributes
  • Calculate event severity with syslog priority values
  • Use advanced functions to parse JSON logs
  • Enable FortiSIEM support for logs in other languages
System Requirements

If you take the online format of this class, you must use a computer that has the following:

  • A high-speed Internet connection
  • An up-to-date web browser
  • A PDF viewer
  • Speakers or headphones
  • One of the following:
    • HTML 5 support or
    • An up-to-date Java Runtime Environment (JRE) with Java plugin enabled on your web browser

You should use a wired Ethernet connection, not a WiFi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.

Enroll Now

Access the latest self-paced training version
Purchasing Process

More information on how to purchase instructor-led courses, on-demand labs, exam vouchers, and study material.
Find an Instructor-Led Class

Browse our schedule for upcoming classes delivered by Fortinet.
Product Version
  • FortiSIEM 6.3
Course Duration
  • Lecture time (estimated): 4 hours
  • Lab time (estimated): 6 hours
  • Total course duration (estimated): 10 hours / 2 days
Formats
  • Instructor-led (classroom and online)
  • Self-paced online
(ISC)2

  • CPE training hours: 4
  • CPE lab hours: 6
  • CISSP domains: Security Operations

Part Number (SKU)
  • FT-FSM-PSR: Instructor-led course
  • FT-FSM-PSR-LAB: Lab access within self-paced course

See Purchasing Process for more information

Certification

This course does not have a certification exam.

  • Library
  • Schedule
You are not logged in. (Log in)
  • Library
  • Schedule
  • Certifications
  • ATC
  • Academic Partner Program
  • Fast Track Workshops
Data retention summary