In this course, you will gain the practical skills of a SOC analyst using FortiAnalyzer
for centralized logging and analytics. You will learn how to examine and manage
events, and automate threat response using event handlers and playbooks. You
will also learn how to identify current and potential threats through incident
analysis and outbreak reports. Finally, you will learn how to incorporate FortiAI in
your workflow and generate security reports.

Product Version

FortiAnalyzer 7.6

Course Duration

Lecture time (estimated): 5 hours
Lab time (estimated): 6 hours
Total course duration (estimated): 11 hours
2 full days or 3 half days

Who Should Attend

Security professionals responsible for Fortinet Security Fabric analytics and automating tasks to detect and
respond to cyberattacks using FortiAnalyzer should attend this course.

Certification

This course is intended to help you prepare for the FCP – FortiAnalyzer 7.6 Analyst exam. This exam is part of the
Fortinet Certified Professional – Security Operations certification track.

Prerequisites

You must have an understanding of the topics covered in the following courses, or have equivalent experience:
• FCA – FortiGate Operator
• FortiAnalyzer Administrator
It is also recommended that you have knowledge of the following topic:
• SQL SELECT statement syntax

Agenda

1. SOC Concepts and Security Fabric
2. Log Data Flow and Navigation
3. Events, Indicators, and Incidents
4. FortiAI, Threat Hunting, and Troubleshooting
5. Reports
6. Playbooks

Objectives

After completing this course, you should be able to:
Describe SOC objectives, responsibilities, and roles
Describe the role of FortiAnalyzer in a SOC
Describe FortiAnalyzer Security Fabric integration
Describe how logging works in a Security Fabric
Describe FortiAnalyzer Fabric deployments
Describe FortiAnalyzer operating modes
Describe how FortiAnalyzer parses and normalizes logs
Validate log parsers
Search logs using normalized fields
View and search for logs in the log view
Create saved filters and dashboards
View summary data in FortiView
View dashboards and widget features
Configure event handlers
Manage events
Configure indicators
Create incidents
Analyze incidents
Configure incident settings
Describe FortiAI operations and use cases
Describe threat hunting
Use the log count chart
Use the SIEM log analytics table
Describe outbreak alerts
Collect log volume statistics
Configure an automation stitch
Configure an event handler with an automation stitch enabled
Run and fine-tune predefined reports
Customize reports with macros, custom charts, and datasets
Configure external storage for reports
Group reports
Import and export reports and charts
Attach reports to incidents
Manage and troubleshoot reports
Create new playbooks
Use variables in tasks
Monitor playbooks
Export and import playbooks

Training Delivery Options and SKUs

Instructor-Led Training

Includes standard NSE training content delivered in
person onsite, or live online using a virtual classroom
application. Training is delivered within public classes
or as a private class. Private requests are scoped,
quoted, developed, and delivered by Fortinet Training
(minimum quantities apply).
Contact your Fortinet Resellers or Authorized Training
Partners to purchase this course.

Self-Paced Training

Includes online training videos and resources through
the Fortinet Training Institute library, free of charge.
You can purchase on-demand lab access with interactive, hands-on activities using the following methods:
• Credit card, through the course on the Fortinet Training Institute
• Purchase order (PO), through Fortinet Resellers or Authorized Training Partners
After you complete the purchase, you receive lab access and the accompanying lab guide within the self-paced course.
For training and lab SKUs, or additional purchasing information, refer to Purchasing Process.
