Modal title

Modal body text goes here.

The Fortinet Certified Trainer (FCT) assessment is a trainer evaluation process in which each candidate has to prove their training delivery skills. The FCT assessment is a two-day assessment that evaluates the FCT candidate’s ability to maintain Fortinet’s quality standards in technical knowledge, skills and instructional abilities.

Who can apply?

The FCT assessment candidate should be a Fortinet employee or a candidate sponsored by an ATC who has submitted proof of reference, along with an online application form. An FCT candidate who wants to apply for an FCT assessment must meet the following knowledge and experience eligibility requirements:

  • Extensive technical knowledge and skills in network security and cybersecurity
  • Five years of relevant experience in network security and cybersecurity
  • Certification in the required NSE training courses
  • Five years of experience in training delivery in IT security
  • Demonstrable training facilitation and delivery skills

If you meet all of these requirements you can apply for the FCT assessment!

Please contact fct@fortinet.com for queries and suggestions.

Skip to main content
Training Institute
  • Library
  • Schedule
  • Certifications
  • ATC
  • Academic Partner Program
  • Fast Track Workshops
  • Log in
  • Training
  • Library

Security Operations Architect

Download Course Description

Blocks

Course Description

In this course, you will learn how to design, deploy, and manage a Fortinet SOC solution using FortiSIEM and FortiSOAR. You will learn how to analyze and respond to security incidents according to industry best practices for incident handling. You will also learn about SOC playbook development, threat hunting, and how to incorporate FortiAI in your workflow.

Who Should Attend

Security professionals involved in the design, implementation, operation, and monitoring of Fortinet SOC solutions using FortiSIEM and FortiSOAR should attend this course.

Prerequisites

You must have an understanding of the topics covered in the NSE 5 - FortiSIEM Analyst course, or have equivalent experience.

Agenda
  1. SOC Concepts and Security Frameworks
  2. Fortinet SOC with FortiSIEM and FortiSOAR
  3. Incident Handling and FortiSIEM
  4. Incident Handling and FortiSOAR
  5. SOC Playbook Development
  6. Threat Hunting
Objectives

After completing this course, you will be able to:

  • Describe the main functions and roles within a SOC
  • Identify the challenges that can be solved by the Fortinet SOC
  • Describe the MITRE ATT&CK Enterprise Matrix and the Cyber Kill Chain
  • Describe how to identify and reduce the attack surface
  • Describe common attack vectors
  • Describe the benefits of using FortiSIEM and FortiSOAR
  • Describe different Fortinet SOC deployment architectures
  • Describe the FortiSOAR Content Hub and connectors
  • Describe FortiAI features
  • Describe FortiAI in FortiSIEM and FortiSOAR
  • Describe reactive and proactive threat hunting processes
  • Generate threat hunting hypotheses
  • Identify and configure data sources
  • Configure data ingestion
  • Configure FortiSIEM rules
  • Execute attack vectors
  • Describe the NIST SP 800-61 incident handling process
  • Describe the incident handling workflow with FortiSIEM and FortiSOAR
  • Analyze, handle, and tune incidents on FortiSIEM
  • Ingest FortiSIEM incidents into FortiSOAR for incident handling
  • Escalate FortiSOAR alerts into incidents
  • Describe automation requirements
  • Describe FortiSOAR playbook steps
  • Run playbooks to enrich indicators
  • Configure a playbook to retrieve a hash rating from FortiSandbox
  • Perform containment on FortiGate, Windows Active Directory, and FortiClient EMS using FortiSOAR connectors
  • Eradicate artifacts from a compromised host
  • Release a compromised host from quarantine after recovery
  • Manage playbook history logs
System Requirements

If you take the online format of this class, you must use a computer that has the following:

  • A high-speed Internet connection
  • An up-to-date web browser
  • A PDF viewer
  • Speakers or headphones
  • One of the following:
    • HTML 5 support
    • An up-to-date Java Runtime Environment (JRE) with Java plugin enabled in your web browser

You should use a wired Ethernet connection, not a Wi-Fi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.

Enroll Now

Access the latest self-paced training version
Purchasing Process

More information on how to purchase instructor-led courses, on-demand labs, exam vouchers, and study material.
Find an Instructor-Led Class

Browse our schedule for upcoming classes delivered by Fortinet.
Product Versions
  • FortiSOAR 7.6
Course Duration
  • Lecture time (estimated): 5 hours
  • Lab time (estimated): 7 hours
  • Total course duration (estimated): 12 hours
    • 2 full days or 4 half days
Formats
  • Instructor-led (classroom and online)
  • Self-paced online
ISC2
  • CPE training hours: 5
  • CPE lab hours: 7
  • CISSP domains: Security Operations
Part Number (SKU)

See Purchasing Process for more information

Exam

More information about the exam.
Certification

This course is intended to help you prepare for the Fortinet NSE 7 - Security Operations Architect exam. This exam is part of the FCSS Security Operations certification track.

Blocks

  • Dashboard
  • Library
  • Schedule
You are not logged in. (Log in)
Data retention summary