Who should attend
This course is intended for cybersecurity professionals responsible for planning, designing, and customizing FortiSOAR deployments, integrating FortiSOAR with FortiGate, FortiSIEM, and FortiMail, and FortiSOAR playbook design and development.
Prerequisites
Familiarity with Python programming, and the Jinja2 templating language for Python is required to benefit from this course.
Familiarity with the following Fortinet products is beneficial:
- FortiGate Security (FORT-SECI)
- FortiGate Infrastructure (FORT-INFRA)
- FortiSIEM (FORT-SIEM)
- FortiMail (FORTIMAIL)
System Requirements- If you take the online format of this class, you must use a computer that has the following:
- A high-speed internet connection
- An up-to-date web browser
- A PDF viewer
- Speakers or headphones
One of the following:
- HTML5 support
- An up-to-date Java Runtime Environment (JRE) with the Java Plugin enabled in your web browser
You should use a wired Ethernet connection, not a Wi-Fi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.
Course Objectives
After completing this course, you will be able to:
- Identify the role of FortiSOAR in a SOC environment
- Plan a FortiSOAR deployment
- Manage incidents and alerts in a SOC environment
- Explore, create, and customize dashboards
- Explore the structure of a template
- Create, customize, and analyze various dashboard widgets
- Create, customize, and publish modules
- Search for records and filter search records
- Analyze field-type options in the field editor
- Categorize playbook trigger types
- Build a user prompt from a manual trigger step
- Understand the basics of Jinja syntax
- Define variables and dictionaries in Jinja
- Configure step utilities within a playbook step
- Configure various core steps of a playbook
- Use the advanced editor within a playbook step
- Analyze the details of an approval record
- Review the connector store
- Understand connector configuration
- Configure different modes of data ingestion
- Configure data ingestion from FortiSIEM
- Install and configure connectors and apply them to a playbook
- Configure various utility steps
- Configure referenced playbooks
- Configure and use dynamic variables and values
- Use expressions to customize playbook input and outputs
- Use common Jinja filters and functions
- Use the json_query filter to extract data from complex data structures
- Configure for loop functions and if statements
Course Content
In this three-day class, you will learn how to use FortiSOAR to design simple to complex playbooks. You will learn to create your own dashboards using various built-in widgets, and install widgets from the widget library. You will review the dashboards that are built-in to FortiSOAR and learn to edit them according to your requirements.
In practical labs, you will explore the role of FortiSOAR in mitigating malicious indicators and creating interactive dashboards to display relevant information about alerts and incidents. You will design a playbook to extract indicators from a phishing email alert. You will also design a playbook to enrich those indicators using connectors to query threat intelligence platforms, such as FortiGuard. You will also design a playbook to mitigate malicious indicators by blocking them on FortiGate. You will configure a FortiSIEM connector to ingest incidents into FortiSOAR.
Certification- This course prepares you for the NSE 7 FortiSOAR Design and Development 6.4 exam.
English