FortiSIEM for network administrators- Hands-on!

As digital transformation sweeps through every industry, the attack surface grows dramatically (and constantly), making security management increasingly difficult. Security teams struggle to keep up with the deluge of alerts and other information generated by their multitude of security devices. And the cybersecurity skills gap only makes this more difficult.

Infrastructure, applications, and endpoints (including IoT devices) must all be secured. This requires visibility of all devices and all the infrastructure in real-time. Organizations also need to know what devices represent a threat and where. FortiSIEM is a Powerful Security Information and Event Management (SIEM) with User and Entity Behavior Analytics (UEBA).

FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improves breach detection, and even prevent breaches.

What’s more is that our architecture enables unified data collection and analytics from diverse information sources including logs, performance metrics, security alerts, and configuration changes. FortiSIEM combines the analytics traditionally monitored in separate silos of the security operations center (SOC) and network operations center (NOC) for a more holistic view of the security and availability of the business.

In addition, FortiSIEM UEBA leverages machine learning and statistical methodologies to baseline normal behavior and incorporate real-time, actionable insights into anomalous user behavior regarding business-critical data. By combining telemetry that is pulled from endpoint sensors, network device flows, server and applications logs, and cloud APIs, FortiSIEM is able to build comprehensive profiles of users, peer groups, endpoints, applications, files, and networks.  FortiSIEM UEBA behavioral anomaly detection is a low-overhead but high-fidelity way to gain visibility of end-to-end activity, from endpoints to on-premises servers and network activity, to cloud applications.

The documentation of FortiSIEM is so confusing and I have tried to share my experience in FortiSIEM, tried not to be boring course from the slides. All the course is based on the scenario and I have explained step by step in FortiSIEM rather than slides. You gain much information on how to install, configure, manage FortiSIEM in your network environment.

Upon successful completion, the student will be able to:

- FortiSIEM basic concept

- Understand the process of normalization in FortiSIEM

- Understand how FortiSIEM receives and collects logs

- Connect different devices to FortiSIEM

- Users and Roles

- Working with SNMP, SSH

- Manual and auto Discovery in FortiSIEM

- Agent Installation( Windows- Linux ) 

- Incidents and dashboard

- Create custom dashboards in FortiSIEM to analyze logs