Who should attend
This course is intended for cybersecurity professionals responsible for planning, designing, and customizing FortiSOAR deployments, integrating FortiSOAR with FortiGate, FortiSIEM, and FortiMail, and FortiSOAR playbook design and development.
Prerequisites
You must have a understanding of the topics covered in the following courses, or have equivalent experience:
It is recommended that you have an understanding of Python programming and Jinja2 templating language, and familiarity with email security and SIEM technologies is also beneficial.
Course Objectives
After completing this course, you will be able to:
- Identify the role of FortiSOAR in a SOC environment
- Plan a FortiSOAR deployment
- Manage incidents and alerts in a SOC environment
- Explore, create, and customize dashboards
- Explore the structure of a template
- Create, customize, and analyze various dashboard widgets
- Create, customize, and publish modules
- Search for records and filter search records
- Analyze field-type options in the field editor
- Build a user prompt from a manual trigger step
- Define variables and dictionaries in Jinja
- Configure step utilities within a playbook step
- Configure various core steps of a playbook
- Configure different modes of data ingestion
- Install/configure connectors and apply to a playbook
- Configure various utility steps
- Configure referenced playbooks
- Configure and use dynamic variables and values
- Use expressions to customize playbook input and outputs
- Use common Jinja filters and functions
- Use filters to extract data from complex data structures
- Build loop functions and conditional statements
Detailed Course Outline
- 1. Introduction to FortiSOAR
- 2. Dashboard Templates and Widgets
- 3. Module Templates and Widgets
- 4. Application Editor
- 5. Dynamic Variable and Values
- 6. Jinja Filters, Functions, and Conditions
- 7. Introduction to Playbooks
- 8. Playbook Core Steps
- 9. Playbook Evaluate Steps
- 10. Playbook Connectors, Data Ingestion, and Execution Steps