In this course, you will gain the practical skills of a SOC analyst using FortiAnalyzer for centralized logging and analytics. You will learn how to examine and manage events, and automate threat response using event handlers and playbooks. You will also learn how to identify current and potential threats through incident analysis and outbreak reports. Finally, you will learn how to incorporate FortiAI in your workflow and generate security reports.

Product version: FortiAnalyzer 7.6

After completing this course, you should be able to:

Describe SOC objectives, responsibilities, and roles

Describe the role of FortiAnalyzer in a SOC

Describe FortiAnalyzer Security Fabric integration

Describe how logging works in a Security Fabric

Describe FortiAnalyzer Fabric deployments

Describe FortiAnalyzer operating modes

Describe how FortiAnalyzer parses and normalizes logs

Validate log parsers

Search logs using normalized fields

View and search for logs in the log view

Create saved filters and dashboards

View summary data in FortiView

View dashboards and widget features

Configure event handlers

Manage events

Configure indicators

Create incidents

Analyze incidents

Configure incident settings

Describe FortiAI operations and use cases

Describe threat hunting

Use the log count chart

Use the SIEM log analytics table

Describe outbreak alerts

Collect log volume statistics

Configure an automation stitch

Configure an event handler with an automation stitch enabled

Run and fine-tune predefined reports

Customize reports with macros, custom charts, and datasets

Configure external storage for reports

Group reports

Import and export reports and charts

Attach reports to incidents

Manage and troubleshoot reports

Create new playbooks

Use variables in tasks

Monitor playbooks

Export and import playbooks

Security professionals responsible for Fortinet Security Fabric analytics and automating tasks to detect and respond to cyberattacks using FortiAnalyzer should attend this course.

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

FCA -　FortiGate Operator

FortiAnalyzer Administrator
It is also recommended that you have knowledge of the following topic:

SQL　SELECT　statement syntax

SOC Concepts and Security Fabric

Log Data Flow and Navigation

Events, Indicators, and Incidents

FortiAI, Threat Hunting, and Troubleshooting

Reports

Playbooks

This course prepares you for the FCP - FortiAnalyzer 7.6 Analyst exam. By passing this exam, you will be awarded the associated exam badge.

This exam is part of the FCP Security Operations certification track.

If you take the online format of this class, you must use a computer that has the following:

A high-speed Internet connection

An up-to-date web browser

A PDF viewer

Speakers or headphones

One of the following:

HTML 5 support

An up-to-date Java Runtime Environment (JRE) with Java Plugin enabled on your web browser
You should use a wired Ethernet connection,　not　a WiFi connection. Firewalls, including Windows Firewall or FortiClient, must allow connections to the online labs.