FortiAnalyzer Analyst

FortiAnalyzer AnalystFAZ-ANSFOFortinetFO-FAZ-ANS7.6After completing this course, you should be able to: <ul> <li>Describe SOC objectives, responsibilities, and roles</li><li>Describe the role of FortiAnalyzer in a SOC</li><li>Describe FortiAnalyzer Security Fabric integration</li><li>Describe how logging works in a Security Fabric</li><li>Describe FortiAnalyzer Fabric deployments</li><li>Describe FortiAnalyzer operating modes</li><li>Describe how FortiAnalyzer parses and normalizes logs</li><li>Validate log parsers</li><li>Search logs using normalized fields</li><li>View and search for logs in the log view</li><li>Create saved filters and dashboards</li><li>View summary data in FortiView</li><li>View dashboards and widget features</li><li>Configure event handlers</li><li>Manage events</li><li>Configure indicators</li><li>Create incidents</li><li>Analyze incidents</li><li>Configure incident settings</li><li>Describe FortiAI operations and use cases</li><li>Describe threat hunting</li><li>Use the log count chart</li><li>Use the SIEM log analytics table</li><li>Describe outbreak alerts</li><li>Collect log volume statistics</li><li>Configure an automation stitch</li><li>Configure an event handler with an automation stitch enabled</li><li>Run and fine-tune predefined reports</li><li>Customize reports with macros, custom charts, and datasets</li><li>Configure external storage for reports</li><li>Group reports</li><li>Import and export reports and charts</li><li>Attach reports to incidents</li><li>Manage and troubleshoot reports</li><li>Create new playbooks</li><li>Use variables in tasks</li><li>Monitor playbooks</li><li>Export and import playbooks</li></ul>You must have an understanding of the topics covered in the following courses, or have equivalent experience: <ul> <li>FortiGate Operator</li><li><a class="fl-href-prod" href="/swisscom/en/course/fortinet-anlzr-admn"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>FortiAnalyzer Administrator (ANLZR-ADMN)</a></li></ul>It is also recommended that you have knowledge of the following topic: <ul> <li>SQL SELECT statement syntax</li></ul>Security professionals responsible for Fortinet Security Fabric analytics and automating tasks to detect and respond to cyberattacks using FortiAnalyzer should attend this course.<ul> <li>SOC Concepts and Security Fabric</li><li>Log Data Flow and Navigation</li><li>Events, Indicators, and Incidents</li><li>FortiAI, Threat Hunting, and Troubleshooting</li><li>Reports</li><li>Playbooks</li></ul>After completing this course, you should be able to: - Describe SOC objectives, responsibilities, and roles - Describe the role of FortiAnalyzer in a SOC - Describe FortiAnalyzer Security Fabric integration - Describe how logging works in a Security Fabric - Describe FortiAnalyzer Fabric deployments - Describe FortiAnalyzer operating modes - Describe how FortiAnalyzer parses and normalizes logs - Validate log parsers - Search logs using normalized fields - View and search for logs in the log view - Create saved filters and dashboards - View summary data in FortiView - View dashboards and widget features - Configure event handlers - Manage events - Configure indicators - Create incidents - Analyze incidents - Configure incident settings - Describe FortiAI operations and use cases - Describe threat hunting - Use the log count chart - Use the SIEM log analytics table - Describe outbreak alerts - Collect log volume statistics - Configure an automation stitch - Configure an event handler with an automation stitch enabled - Run and fine-tune predefined reports - Customize reports with macros, custom charts, and datasets - Configure external storage for reports - Group reports - Import and export reports and charts - Attach reports to incidents - Manage and troubleshoot reports - Create new playbooks - Use variables in tasks - Monitor playbooks - Export and import playbooksYou must have an understanding of the topics covered in the following courses, or have equivalent experience: - FortiGate Operator - FortiAnalyzer Administrator (ANLZR-ADMN) It is also recommended that you have knowledge of the following topic: - SQL SELECT statement syntaxSecurity professionals responsible for Fortinet Security Fabric analytics and automating tasks to detect and respond to cyberattacks using FortiAnalyzer should attend this course.- SOC Concepts and Security Fabric - Log Data Flow and Navigation - Events, Indicators, and Incidents - FortiAI, Threat Hunting, and Troubleshooting - Reports - Playbooks1 day950.00950.00950.00950.00950.001490.00950.001000.00