Only 2 days
Classroom
17/03/2025 (Monday)
Overview
On this accelerated Fortinet Certified Solution Specialist Security Operations certification validates your ability to design, administer, monitor, and troubleshoot Fortinet security operations solutions. This curriculum covers security operations infrastructures using advanced Fortinet solutions.
In this course, you will learn how to use FortiSIEM in a multi-tenant environment. You will learn about rules and their architecture, how incidents are generated, how baseline calculations are performed, the different methods of remediation available, and how the nested queries and lookup tables work for advanced analytics using FortiSIEM. You will also learn how to integrate FortiSOAR with FortiSIEM.
In just 2 days, you’ll learn to identify various implementation requirements for a multi-tenant FortiSIEM deployment . You’ll also learn how to:
- Deploy FortiSIEM in a hybrid environment with and without collectors
- Design multi-tenant solutions with FortiSIEM
- Deploy collectors in a multi-tenant environment
- Manage EPS assignment and restrictions on FortiSIEM
- Manage resource utilization of a multi-tenant FortiSIEM cluster
- Maintain and troubleshoot a collector installation
- Deploy and manage Windows and Linux agents
- Create rules by evaluating security events
- Define actions for a single pattern security rule
- Identify multiple pattern security rules and define conditions and actions for them
- Differentiate between a standard and baseline report
- Create your own baseline profiles Deploy FortiSIEM UEBA agents
- Examine log-based UEBA rules
- Examine nested queries for advanced analytics
- Configure lookup tables for advanced analytics
- Configure clear conditions on FortiSIEM
- Analyze some out-of-the-box remediation scripts
- Configure various remediation methods on FortiSIEM
- Integrate FortiSOAR with FortiSIEM
- Remediate incidents from FortiSOAR
At the end of this course, you’ll sit the Fortinet exam, and achieve your Fortinet Certified Solution Specialist Security Operations certification. Through Firebrand’s Lecture | Lab | Review methodology, you’ll get certified at twice the speed of the traditional training and get access to courseware, learn from certified instructors, and train in a distraction-free environment.
Audience
This course is ideal for:
- Cybersecurity professionals who require the expertise needed to design, manage, support, and analyse advanced Fortinet security operations solutions.
- Security professionals involved in the management, configuration, administration, and monitoring of FortiSIEM and FortiSOAR devices—in an enterprise or service provider deployment—that are used to monitor and secure the networks of customer organizations.
Curriculum
Module 1: Multi-Tenancy SOC Solution for MSSP
- Describe multi-tenancy solutions for SOC environment
- Define and deploy collectors and agents
- Install and manage FortiSIEM Windows and Linux agents
Module 2: FortiSIEM Rules
- Explain FortiSIEM rule processing
- Construct FortiSIEM rules
- Explain the MITRE ATT&CK® framework
Module 3: FortiSIEM Baseline and UEBA
- Explain FortiSIEM baseline and profile reports
- Construct FortiSIEM baseline rules
- Configure UEBA on FortiSIEM
Module 4: Clear Conditions and Remediation
- Remediate incidents on FortiSIEM manually and automatically
- Remediate incidents using FortiSOAR
Module 5: Multi-Tenancy SOC Solution for MSSP
- Describe multi-tenancy solutions for SOC environments
- Define and deploy collectors and agents
- Install and manage FortiSIEM Windows and Linux agents
Module 6: FortiSIEM Rules and Analytics
- Explain FortiSIEM rule processing
- Construct FortiSIEM rules
- Configure advanced nested queries and lookup tables
Module 7: FortiSIEM Baseline and UEBA
- Explain FortiSIEM baseline and profile reports
- Construct FortiSIEM baseline rules
- Explain UEBA on FortiSIEM
Module 8: Conditions and Remediation
- Remediate incidents on FortiSIEM both manually and automatically
- Remediate incidents through FortiSOAR
Exam Track
At the end of this accelerated course, you’ll sit the following exam at the Firebrand Training centre, covered Certification Guarantee:
Fortinet Certified Solution Specialist Security Operations exam NSE 7 - Advanced Analytics 6.3
To obtain the FCSS in Security Operations certification, you must pass the Fortinet NSE 7–Advanced Analytics exam.
- Duration: 60 minutes
- Format: Multiple choice and multiple select
- Number of questions: 35
- Passing score: Answers must be 100% correct for credit. No partial credit is given. There are no deductions for incorrect answers.
Prerequisites
Before attending this accelerated course, you should have:
- An understanding of the topics covered in the following courses, or equivalent experience:
- FCP - FortiGate Security
- FCP - FortiGate Infrastructure
- FCP - FortiSIEM
- It is also recommended that you have an understanding of the following topics, or have equivalent experience:
- Python programming
- Jinja2 templating language for Python
- Linux systems
- SOAR technologies
What's Included
Your accelerated course includes:
- Accommodation *
- Meals, unlimited snacks, beverages, tea and coffee *
- On-site exams **
- Exam vouchers **
- Practice tests **
- Certification Guarantee ***
- Courseware
- Up-to 12 hours of instructor-led training each day
- 24-hour lab access
- Digital courseware **
* For residential training only. Accommodation is included from the night before the course starts. This doesn't apply for online courses.
** Some exceptions apply. Please refer to the Exam Track or speak with our experts.
*** Pass first time or train again free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.
Benefits
Seven reasons why you should sit your course with Firebrand Training
- Two options of training. Choose between residential classroom-based, or online courses
- You'll be certified fast. With us, you’ll be trained in record time
- Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
- Pass the first time or train again for free. This is our guarantee. We’re confident you’ll pass your course the first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
- You’ll learn more. A day with a traditional training provider generally runs from 9 am – 5 pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day of quality learning time, with your instructor
- You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
- You’ll be studying with the best. We’ve been named in the Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 135,000 professionals
*For residential training only. Doesn't apply for online courses
**Some exceptions apply. Please refer to the Exam Track or speak with our experts
Think you are ready for the course? Take a FREE practice test to assess your knowledge! Free Practice Test