Modal title

Modal body text goes here.

The Fortinet Certified Trainer (FCT) assessment is a trainer evaluation process in which each candidate has to prove their training delivery skills. The FCT assessment is a two-day assessment that evaluates the FCT candidate’s ability to maintain Fortinet’s quality standards in technical knowledge, skills and instructional abilities.

Who can apply?

The FCT assessment candidate should be a Fortinet employee or a candidate sponsored by an ATC who has submitted proof of reference, along with an online application form. An FCT candidate who wants to apply for an FCT assessment must meet the following knowledge and experience eligibility requirements:

  • Extensive technical knowledge and skills in network security and cybersecurity
  • Five years of relevant experience in network security and cybersecurity
  • Certification in the required NSE training courses
  • Five years of experience in training delivery in IT security
  • Demonstrable training facilitation and delivery skills

If you meet all of these requirements you can apply for the FCT assessment!

Please contact fct@fortinet.com for queries and suggestions.

Skip to main content
NSE Institute
  • Library
  • Schedule
  • Certifications
  • ATC
  • Network Security Academy
  • Log in
  • Training
  • Library

FortiSIEM Parser

Learn at your own pace or choose a format that suits you best.

Download Course Description
Course Description

In this two-day course, you will learn how to create custom parsers to extend FortiSIEM’s scope to as-yet unknown devices and custom applications whose log formats would not otherwise be understood by FortiSIEM.

You will learn how parsers recognize the type of device or application that sent the data, extract and save key information from the log, and map the device type and log information to an event type.

Who Should Attend

Anyone who is responsible for day-to-day management of FortiSIEM.

Agenda
  1. Introduction
  2. Regular Expressions
  3. Parser Recognizers
  4. Collect Fields by RegEx
  5. Switch Construct
  6. Adding Events to the CMDB
  7. Choose Construct
  8. Handling Key Value Pair Logs
  9. Handling Value List Logs
  10. Advanced Features
Objectives

After completing this course, you should be able to:

  • Describe the steps to create a parser
  • Create simple regular expressions
  • Use local and global patterns
  • Identify what information to extract from the log
  • Recognize different log formats
  • Extract data and map it to variables and attributes
  • Understand pattern matching
  • Understand the switch construct
  • Understand the choose construct
  • Add events to CMDB
  • Understand key value pairs
  • Work with sets of key value pairs
  • Handle value list logs
  • Understand parser order
  • Clone a system parser
  • Add different languages
System Requirements

If you take the online format of this class, you must use a computer that has the following:

  • A high-speed Internet connection
  • An up-to-date web browser
  • A PDF viewer
  • Speakers or headphones
  • One of the following:
    • HTML5 support
    • An Up-to-date Java runtime environment (JRE) with Java plugin enabled in your web browser

You should use a wired Ethernet connection, not a Wi-Fi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.

Enroll Now

Access the self-paced training
Purchasing Process

More information on how to purchase instructor-led courses, on-demand labs, exam vouchers, and study material.
Find a Class

Browse our schedule for upcoming classes
Product Versions

FortiSIEM 5.2

Formats
  • Instructor-led
  • Instructor-led online
  • Self-paced online
Part Number (SKU)
  • FT-FSM-PSR: Instructor-led course
  • FT-FSM-PSR-LAB: Lab access within self-paced course
Contact your local Fortinet Reseller for purchase and pricing information 

Prerequisites

A basic understanding of programming languages and regular expressions would be an asset. It is also recommended that you have an understanding of the topics covered in NSE 5 FortiSIEM, or have equivalent experience.

Certification

This course does not have a certification exam.

  • Library
  • Schedule
You are not logged in. (Log in)
  • Library
  • Schedule
  • Certifications
  • ATC
  • Network Security Academy
Data retention summary