Lab Guide - FortiSIEM


Index: 1.0
Use Case: Introduction
Objective Title: Description
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Fast Track Workshops: Powerful Security Information and Event Management
Cyberattacks are a 24/7 reality. The complexity and growth of enterprise infrastructure,
applications, VMs, cloud, endpoints and IoT means the attack surface grows exponentially.
Coupled with a skills shortage and resource constraints, security becomes everybody's problem,
while visibility, event correlation and remediation are treated as other people's responsibility.
Effective security requires real-time visibility of all devices and infrastructure, together with
the context to know which devices represent a threat and what their capability is, so that you
manage the threat the business faces rather than the noise that multiple security tools create.
FortiSIEM is Fortinet's multivendor security information and event management solution that
brings it all together by integrating NOC and SOC functions to automate IT processes and
security responses: visibility, correlation, automated response and remediation in a single,
scalable solution. Using FortiSIEM reduces the complexity of managing network and security
operations, freeing resources and improving breach detection. Worldwide, 80% of breaches go
undetected because of skills shortages and event information noise. FortiSIEM provides cross
correlation and applies machine learning and UEBA to improve response and stop breaches
before they occur.
Attend this technical training to familiarize yourself with the powerful security information and
event management capabilities of FortiSIEM.
Index: 1.0 (a)
Use Case: Introduction
Objective Title: FastTrack Program
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Fast Tracks are free instructor-led, hands-on workshops that introduce Fortinet solutions for
securing your digital infrastructure. These workshops are only an introduction to what Fortinet
security solutions can do for your organization.
For more in-depth training, we encourage you to investigate our full portfolio of NSE training
courses at https://training.fortinet.com.
Index: 1.0 (b)
Use Case: Introduction
Objective Title: Instructions
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Instructions
For this lab activity, all devices will be accessed from the sidebar menu on the Lab Activity:
FortiSIEM r02 tab.

It is recommended that you leave each device tab open once you have accessed it, as you will
usually return to the device several times.
Index: 1.0 (c)
Use Case: Introduction
Objective Title: Topology
Points: 0
----------------------- Objective Section -----------------------
Objective Text:
Index: 1.0 (d)
Use Case: Introduction
Objective Title: Agenda
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Agenda

Topic                           Time         Prerequisite
Lab 1: Introduction             1 Minute     -
Lab 2: CMDB Overview            15 Minutes   -
Lab 3: Incident Investigation   15 Minutes   Lab 2
Lab 4: Analytics                15 Minutes   Lab 3
Lab 5: Remediation              15 Minutes   -
Lab 6: Conclusion               1 Minute     -

Time to Complete: 60 minutes


Index: 2.0
Use Case: CMDB Overview
Objective Title: Introduction
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Introduction
The CMDB is a core component of FortiSIEM. The FortiSIEM CMDB is a patented technology that
provides real-time asset discovery and classification of network devices, applications, servers,
users and rogue devices. It further simplifies the configuration of rules, business services and
reports through automatic grouping based on device profile.
In this lab exercise, you take a quick tour of the CMDB, review discovered device parameters and
generate a server inventory report.

Time to Complete: 15 minutes


Index: 2.0 (a)
Use Case: CMDB Overview
Objective Title: Navigate CMDB Devices and Applications
Points: 5
----------------------- Objective Section -----------------------
Objective Text:

CMDB Navigation, Devices and Applications

1. From the Lab Activity: FortiSIEM r02 tab sidebar menu, access FortiSIEM using the HTTPS
option.

Note: Unless otherwise indicated, all usernames/passwords for the various web consoles are:

Username: admin Password: Fortinet1!

Due to the high density of the FortiSIEM GUI, you may need to adjust the zoom factor in the
browser (67% or lower) to allow more text to appear on screen.

Also, please make sure to split the browser screen area between FortiFIED and FortiSIEM in a
ratio of 2:3.

2. Click CMDB.

3. Expand Devices > Network Device to see the discovered network devices.

4. Expand Devices > Server > Windows to see the discovered Windows servers.
5. Expand Applications > Infrastructure App > DNS.

6. Notice the Microsoft DNS entry shows the process dns.exe.

Note: When discovering a device, FortiSIEM checks which processes are running and, if they
match a particular application group, it automatically adds the device to that group.

Stop and Think

Which of the following methods aid FortiSIEM's discovery of different devices?
----------------------- Answer Section -----------------------

Answer: radio

Answer Text:
Correct Answer: F
All of the following methods can provide FortiSIEM with relevant device information to aid in a device's
discovery:
• Syslog
• SNMP
• WMI
• Netflow
• Windows/Linux Agents

Answer Key:
✘ 1. Syslog
✘ 2. SNMP
✘ 3. WMI
✘ 4. Netflow
✘ 5. Windows/Linux Agents
✔ 6. All of the above
Index: 2.0 (b)
Use Case: CMDB Overview
Objective Title: Generate CMDB Server Inventory Report
Points: 10
----------------------- Objective Section -----------------------
Objective Text:

Background
CMDB reports allow you to report on:

• Devices - details such as serial numbers, OS versions and so on

• Rules - such as which rules have exceptions

• Users - such as when the password was last reset, and the DN

• Incident information - such as cleared times

• Identity and Locations - such as the IP of a user between two times, the switch port, and other
information

Goal
The CISO of your company has asked you to send a PDF report, for an urgent meeting, on all the
servers present in the network along with their types, IPs and names.
The goal of this lab objective is to export a 'Server Inventory' report.

Success
To successfully complete this objective:

1. Click CMDB > CMDB Reports.

Based on the available options, run and export a 'Server Inventory' report. Once exported,
review it.

NOTE: If you need help with this exercise click on HINT.

Stop and Think


Based on your analysis from the exported ‘Server Inventory’ report, which of the following
statements are TRUE? (Select all that apply)
----------------------- Hint 1 Section -----------------------

Hint: 1 Points: 2

Hint Text:

Hint 1:

1. Go to CMDB > CMDB Reports.

2. In the search box on top, enter ‘Server’ or ‘Server Inventory’.

Based on the available options, please try to generate a report.


----------------------- Hint 2 Section -----------------------

Hint: 2 Points: 2

Hint Text:

Hint 2:

1. Go to CMDB > CMDB Reports.

2. In the search box on top, enter ‘Server’ or ‘Server Inventory’.

3. Click on Server Inventory Report.

4. Click on Run.

Note: Once you click Run, you will get the desired results on the FortiSIEM GUI itself, but they are only
visible to you at this time.

5. Click the Export button on top.

6. Select Output format PDF.

7. Click Generate.

8. Click OK to open the report and review it.


----------------------- Answer Section -----------------------

Answer: checkbox

Answer Text:
Correct Answer: A and D


Answer Key:
✔ 1. HOST-172.16.10.6 is a Solaris Sun server
✘ 2. ibmaix server’s IP address is 192.168.1.100
✘ 3. QA-EXCHG servers count is three
✔ 4. THREATSOCDC is a Windows server
Index: 3.0
Use Case: Incident Investigation
Objective Title: Introduction
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Introduction
Incidents contain detailed information about rules that have been triggered by FortiSIEM. There
are more than 600 built-in rules. When FortiSIEM triggers a rule, it collects information such as
the time of the incident, the source, the target, and other details about the incident. The
incident is then categorized as related to performance, availability, security, or change.
Incidents also contain the triggering events, which are the details of why an alert is being
reported in the network.
The Incident interface has three sections:
1. Overview - provides a Red Amber Green (RAG) view of incidents by type, devices with
incidents, and hosts by risk/impact. It can also act as a dashboard.
2. List View - where you view all incidents and perform investigations. Most of this section of
the lab is performed here.
3. Risk - creates a timeline view of devices and users by risk.
FortiSIEM can also enable numerous threat feeds from a myriad of sources. Some of these
sources are freely available sites on the Internet, and others are subscription based. One such
subscription-based source is the FortiGuard IOC threat feed, which contains an updated list of
indicators such as malicious domains, IP addresses and URLs.
In this lab exercise, you investigate an ongoing incident and manually add the attacker's IP
address to the IOC threat feed.

Time to Complete: 15 minutes


Index: 3.0 (a)
Use Case: Incident Investigation
Objective Title: Investigate an Incident
Points: 10
----------------------- Objective Section -----------------------
Objective Text:

Background
Leveraging machine learning and statistical methodologies to baseline normal behavior and
incorporate real-time actionable insights, FortiSIEM UEBA monitors for anomalous user
behavior that may be indicative of a threat.
A user account in your organization has been compromised. The attacker is trying to gain access
to corporate assets by using the compromised user's credentials to log in via VPN.

Goal
The goal of this lab objective is to investigate which user account is being used, and from which
locations the attacker was trying to VPN into the corporate network.
Note: Don't forget to click on the HINT button if you need help achieving the task.

Success

Initiate Event Data

1. From the Lab Activity: FortiSIEM tab, log in to the Jumpbox Server using the RDP option.
2. Open the web browser from the Desktop.
3. Click the Demo bookmark.
4. Under the section Base Demo Setup, click option 3) Start All Performances and Device
Data.
5. Click option 4) Populate the SVN with configurations.
6. Click option 5) Apply final update to cron.

7. Wait for one minute, then repeat steps 4, 5 and 6 to populate more incidents.

Investigate Incident

To successfully complete this objective, answer the Stop and Think question correctly.
1. Continuing on the FortiSIEM GUI, go to the Incident tab.
2. Click List > select by Time.

3. Click Actions > Search > Incident Name.

4. Click Show all to find the relevant incident mentioned in the background above.

Stop and Think


Based on your investigation, which of the following statements are TRUE? (Select all that apply)
----------------------- Hint 1 Section -----------------------

Hint: 1 Points: 2

Hint Text:

Hint 1:
1. Under Incident Name, locate the incident by name Sudden User Location Change.
----------------------- Hint 2 Section -----------------------

Hint: 2 Points: 2

Hint Text:

Hint 2:

1. Select incident and in the Details pane in the bottom, click the ^ arrow twice as shown in
screenshot below.

2. View the details of the event for both incidents.


----------------------- Answer Section -----------------------

Answer: checkbox

Answer Text:
Correct Answer: A, B, D

Answer Key:
✔ 1. The affected user account is jimmy.carter
✔ 2. High severity incident with Concurrent VPN Authentications To Same Account From
Different Cities was triggered.
✘ 3. The affected user account is joe.biden
✔ 4. Concurrent VPN authentication from same user from US or France or UK
✘ 5. Concurrent VPN authentication from same account from US and China.
Index: 4.0
Use Case: Analytics
Objective Title: Introduction
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Introduction
After you set up FortiSIEM to receive and collect SIEM and PAM information from your
environment, how do you view the data? FortiSIEM analytics allows you to look at the data
generated by all your applications, servers, and devices, whether they are physical, virtual, in
the cloud, or on premise, in the same interface. It uses operators to build search conditions that
filter data in a structured way. You can use query filters for either a real-time or a historical
search, and you can also run a search without any condition for both real-time and historical
searches.
In this lab exercise, you will run some basic analytic searches, perform advanced data
aggregation on the search results and generate a useful report.

Time to Complete: 15 minutes


Index: 4.0 (a)
Use Case: Analytics
Objective Title: Add Malicious IP to IOC Threat Feed
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Threat Intel - IOC Setup

Investigate High Risk incident:

During an investigation, the SOC team at Acme Corp found that an attacker is searching local
file systems and remote file shares for files containing insecurely stored credentials on an
AcmeCorp server.

They confirmed that the attacker's IP address is 113.173.2.158. You will now add this malicious
IP address of the attacker (113.173.2.158) to FortiSIEM's IOC threat feed.

1. Click Resource.

2. Click Malware IPs.

3. Click + icon at the top of the navigation pane.

4. In the Create New Malware IP Group, enter the following details:

• Group: FortiGuard Manual Import

• Value: IP
5. Click Save.

6. Expand Malware IPs group and navigate to the FortiGuard Manual Import group you just
created.

7. Click New to create a new entry.

8. Enter the following information:

• Name: Attacker IP

• IP: 113.173.2.158

9. Click Save.
Index: 4.0 (b)
Use Case: Analytics
Objective Title: Perform a Basic Analytic Search
Points: 10
----------------------- Objective Section -----------------------
Objective Text:

Background
FortiSIEM analytics also provides granular search capabilities that enable you to troubleshoot
problems, investigate security, performance and network incidents, and identify the top talkers,
sources, destinations, protocols and so on reported by all of your devices.

An attacker is searching local file systems and remote file shares for files containing
insecurely stored credentials on an AcmeCorp server.

Goal
The goal of this lab objective is to create an analytic search for traffic events coming from the
attacker's IP address 113.173.2.158.

Success
To successfully complete this objective:
1. Continuing on the FortiSIEM GUI, click Analytics.

2. Click Edit Filters and Time Range search box on top.

3. Select Filter > Event Attribute.

4. Choose the following:

• Attribute: Source IP (type 'Source' in the box to narrow the search)

• Operator: IN

• Value: Select from CMDB

5. From the CMDB tree, expand Malware IPs > FortiGuard Manual Import > Attacker IP.
6. Click >> button to add the FortiGuard Manual Import group to Selections.

7. Click OK to save the selected group.

8. For Time Range, choose Relative Last 1 Day.

9. Click on Apply and Run.

Stop and Think:


Based on the output of your analytic search above, which IP address belongs to the device that
reported the incident carried out by the attacker?
----------------------- Answer Section -----------------------

Answer: radio

Answer Text:
Answer

Correct Answer: C

Answer Key:
✘ 1. 192.168.22.16
✘ 2. 10.1.1.5
✔ 3. 192.168.3.1
✘ 4. 194.106.166.123
Index: 4.0 (c)
Use Case: Analytics
Objective Title: Aggregate Search Results (Data Aggregation)
Points: 10
----------------------- Objective Section -----------------------
Objective Text:

Background
When a search returns many results, you may want to group and order individual results, either
by event or by attributes. Data aggregation is any process in which information is gathered and
expressed in a summary form, for purposes such as statistical analysis. FortiSIEM provides the
capabilities to perform mathematical operations such as COUNT, SUM, AVG, MIN, MAX, LAST,
FIRST, and so on.

Goal
The goal of this lab objective is to aggregate all the permitted traffic events to the attacker's
malicious IP address (113.173.2.158) in order to see the total number/count of matching events
that have occurred in the last 1 day. As per your CISO's request, once the data is successfully
aggregated, generate a PDF report that shows the aggregated results plus the following IP
address information used in the attack:

• Source IP
• Destination IP

Success
To successfully complete this objective:

Note: Do not delete/remove the attribute filters configured in the last objective.

1. Click on the Change Display Fields Icon beside Search box.


2. Add a new row at the bottom by clicking the + sign in the Row column.

3. Select Attribute > Expression Builder.

4. In the Expression Builder window, choose:
• Function: COUNT - click the + icon to the right of the box
• Event Attribute: Matched Events - click the + icon to the right of the box

5. Click OK to save.

6. Remove the following rows by clicking the – (minus) icon in the Row column:
• Event Receive Time
• Raw Event Log

7. Click Apply & Run.

What do you see in the results? The search has aggregated all the permitted traffic events to
malicious IP address 113.173.2.158, thus, providing a total number/count of matching events
that have occurred in the last 1 day.
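The filter-and-aggregate flow of objectives 4.0 (b) and (c), as an added Python example that is not part of the lab guide or of FortiSIEM's own code: the log lines, their field names and the group structure are constructed assumptions that reuse only the addresses named in this lab.

```python
"""
Added example (not from the FortiSIEM lab guide): reproduces in plain Python the two
Analytics steps of this lab over constructed log lines:
  1. keep events whose Source IP is IN a malware-IP group (the 'FortiGuard Manual
     Import' group holding 113.173.2.158), optionally permitted traffic only;
  2. aggregate the matches with COUNT(Matched Events) grouped by Source IP and
     Destination IP, which is what the report in objective 4.0 (c) shows.
The key=value lines below are constructed in a FortiGate-like style; they are not
real captures and the field names are assumptions.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed: a malware-IP group maps a group name to a list of IPs or CIDRs,
# mirroring the CMDB group created in objective 4.0 (a).
MALWARE_IP_GROUPS = {
    "FortiGuard Manual Import": ["113.173.2.158"],
}

# Constructed sample events. Values reuse the lab's own addresses: attacker
# 113.173.2.158, targeted host 192.168.22.16, reporting FortiGate 192.168.3.1.
SAMPLE_EVENTS = """\
devid=FGT1 devip=192.168.3.1 type=traffic action=accept srcip=113.173.2.158 dstip=192.168.22.16 dstport=445
devid=FGT1 devip=192.168.3.1 type=traffic action=accept srcip=113.173.2.158 dstip=192.168.22.16 dstport=445
devid=FGT1 devip=192.168.3.1 type=traffic action=accept srcip=113.173.2.158 dstip=192.168.22.16 dstport=139
devid=FGT1 devip=192.168.3.1 type=traffic action=deny srcip=113.173.2.158 dstip=192.168.10.2 dstport=22
devid=FGT1 devip=192.168.3.1 type=traffic action=accept srcip=10.1.1.5 dstip=192.168.22.16 dstport=443
devid=FGT1 devip=192.168.3.1 type=traffic action=accept srcip=194.106.166.123 dstip=10.10.100.1 dstport=80
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value log line into a dict (surrounding quotes stripped)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def ip_in_group(ip, group_name, groups=MALWARE_IP_GROUPS):
    """The IN operator against a CMDB-style IP group; entries may be single IPs or CIDRs."""
    addr = ip_address(ip)
    return any(addr in ip_network(entry, strict=False) for entry in groups.get(group_name, []))


def search(lines, group_name, permitted_only=True):
    """Objective 4.0 (b): Source IP IN <group>; optionally keep only permitted (accept) traffic."""
    events = [parse_event(l) for l in lines.splitlines() if l.strip()]
    hits = [e for e in events if "srcip" in e and ip_in_group(e["srcip"], group_name)]
    if permitted_only:
        hits = [e for e in hits if e.get("action") == "accept"]
    return hits


def aggregate(events):
    """Objective 4.0 (c): COUNT(Matched Events) grouped by Source IP and Destination IP."""
    counter = Counter((e["srcip"], e["dstip"]) for e in events)
    # Report rows ordered with the highest count first.
    return sorted(((src, dst, n) for (src, dst), n in counter.items()), key=lambda r: -r[2])


def reporting_devices(events):
    """Which device(s) reported the matched events (the Reporting IP column in the GUI)."""
    return sorted({e["devip"] for e in events})


if __name__ == "__main__":
    hits = search(SAMPLE_EVENTS, "FortiGuard Manual Import")
    print("Matched events:", len(hits))
    print("Reporting device(s):", reporting_devices(hits))
    for src, dst, n in aggregate(hits):
        print(f"{src:>16} -> {dst:<16} COUNT={n}")
```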

Now, generate a PDF report that shows the aggregated results plus the source and destination
IP address information used in the attack.

Note: Use the existing display filter along with a combination of new display filters.

Stop and Think


Based on the output of your report, which IP address (Destination IP) belongs to the host being
targeted?

----------------------- Hint 1 Section -----------------------

Hint: 1 Points: 2

Hint Text:

Hint 1:
1. Click on the Display Fields Icon beside Search box.
2. Add a new row at the bottom by clicking + sign in the Row column.
3. Select Attribute > Source IP (type 'source' in the search box to narrow the search).
4. Add another new row at the bottom by clicking + sign in the Row column.
5. Select Attribute > Destination IP
6. Click Apply & Run.

7. Click on Action (top left corner) > Export Result.


8. Verify Output Format > PDF.
9. Click Generate.
10. Once export is successful, click View.
11. Click OK to open the Report.
12. Scroll down to next page of the report and view the results.

----------------------- Answer Section -----------------------

Answer: radio

Answer Text:
Answer
Correct Answer: B
Answer Key:
✘ 1. 192.168.10.2
✔ 2. 192.168.22.16
✘ 3. 10.10.100.1
✘ 4. 42.83.201.2
Index: 5.0
Use Case: Remediation
Objective Title: Introduction
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Introduction

A key part of incident response is acting quickly to contain a threat. FortiSIEM incident
remediation functionality provides automatic or manual remediation against an incident.
Remediation can be done either on an ad-hoc basis or through a Notification Policy, where the
system takes the remediation action when an incident occurs. Remediation actions are script
based. A number of Python remediation scripts are included out of the box, supporting a range
of vendors, actions and device types. Custom remediation scripts are also supported.

In this lab exercise, you perform a real-time discovery of a FortiGate device, trigger a SQL
injection attack through the FortiGate and take remediation action by blocking the attacker's IP
address.

Time to Complete: 15 minutes


Index: 5.0 (a)
Use Case: Remediation
Objective Title: Add Source Device
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Add Device (FortiGate)

In this lab we are going to discover and monitor a real device in our network (FGT-Upstream).

Note: Until now, we have worked on demo devices that were already discovered by FortiSIEM.

We need to define the following three credentials in FortiSIEM to discover the FortiGate:

• SNMP - for discovery and performance monitoring

• SSH - for configuration

• HTTPS - for APIs

1. Continuing on the FortiSIEM GUI, click Admin > Setup > Credentials.

2. Under Step 1: Enter Credentials, click New and enter the following credentials:

• Name: SNMP-Fortigate
• Device Type: Generic
• Access Protocol: SNMP
• Port: 161
• Password config: Manual
• Community String: fortisiem
• Confirm Community String: fortisiem
• Click Save
3. Click New and enter the following credentials:

• Name: SSH-Fortigate
• Device Type: Fortinet FortiOS
• Access Protocol: SSH
• Port: 22
• Password config: Manual
• User Name: admin
• Password: Fortinet1!
• Confirm Password: Fortinet1!
• Click Save
4. Click New and enter the following credentials:

• Name: HTTPS-Fortigate
• Device Type: Fortinet FortiOS
• Access Protocol: HTTPS
• Port: 443
• Password config: Manual
• User Name: admin
• Password: Fortinet1!
• Confirm Password: Fortinet1!
• Click Save
Index: 5.0 (b)
Use Case: Remediation
Objective Title: Associate Device Credentials to IP address and Run Discovery
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Associate Device Credentials and Run Discovery

Now that the source device (FGT-Upstream) credentials are defined, we associate those
credentials with the IP address of the FortiGate and create a new discovery to discover it.

Prepare System for Live Discovery

1. From the Lab Activity: FortiSIEM tab, log in to the Jumpbox Server using the RDP option.
2. Open the web browser from the Desktop.
3. Click the Demo bookmark.
4. Scroll to Additional Options and click 1) Prepare System for Live Discovery.

Associate FortiGate Credentials with IP Address


1. Click Admin > Setup > Credentials.
2. Below Step 2: Enter IP Range to Credential Associations, click New.
3. Enter the following information in the Device Credential Mapping Definition:
• IP/IP Range: 10.10.30.6
• Credentials (click the + sign to add each of the following):
  • SNMP-Fortigate
  • SSH-Fortigate
  • HTTPS-Fortigate
• Click Save

Discover FortiGate via FortiSIEM Supervisor

1. Click Admin > Setup > Discovery.
2. Click New.
3. In the Discovery Definition profile, enter the following details:
• Name: FGT-Upstream
• Discovery Type: Range Scan
• Include: 10.10.30.6
• Click Save

4. Select the new Discovery profile FGT-Upstream.


5. Click Discover.
6. Wait for the discovery to complete. Once 100% completed, click Close.
7. Click CMDB > Devices > FGT-Upstream and review what was discovered. Discovery of a device
provides information such as serial numbers, interface information, configuration details, and
performance monitoring of the device, such as CPU and memory.
Index: 5.0 (c)
Use Case: Remediation
Objective Title: Review Discovered Device parameters
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Background

Review Discovered Device Parameters

Goal

The goal of this lab objective is to review FGT-Upstream parameters in order to identify what
has been discovered and other related information from that device in the CMDB.

Success
To successfully complete this objective:
1. Click CMDB.
2. Expand Devices > Network Devices.
3. Click FGT-Upstream.
4. Click the up-arrow icon, located at the bottom right corner of the details pane, twice to
see more detailed information about the device.
5. Click and review each of the following sections in the Details Pane:
• Summary
• Software > Installed Software
• Hardware > Interfaces
Stop and Think

Based on the available sections in the details pane, could you identify the admin server
certificate?

----------------------- Hint 1 Section -----------------------

Hint: 1 Points: 2

Hint Text:

Hint 1:
1. Go to CMDB > Expand Devices > Network Devices.

2. Click on FGT-Upstream.

3. Click the up-arrow icon, located at the bottom right corner of the Details Pane, twice to see
more detailed information about the device.

4. Click on the Configuration tab in the Details Pane.


----------------------- Answer Section -----------------------

Answer: radio

Answer Text:

Answer Key:
✘ 1. Fortinet_CA certificate
✘ 2. Fortinet_ssl_proxy certificate
✔ 3. AcmeCorpDevice
Index: 5.0 (d)
Use Case: Remediation
Objective Title: Trigger SQL Injection Attack against FGT-Upstream
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Trigger SQL Injection Attack Incident against FortiGate-Upstream

You will now perform a simple SQL injection. FortiGate-Upstream will allow it to happen, but it
will generate an event on FortiSIEM.
1. From the Lab Activity: FortiSIEM v64 tab sidebar menu, access Kali using the RDP option.
2. Log in with the username root and password Fortinet1!
3. From the Desktop, open Mozilla Firefox.
4. Click the DVWA bookmark in the web browser.
5. Log in to the DVWA web app with the following credentials:
• Username: admin
• Password: password
6. Click SQL Injection.
Note: Do not select the SQL Injection (Blind) option.
7. In the User ID text box, enter:
%' or 0=0 union select null, version() #
Note: You can copy/paste this string from the 'SQL_Injection_Attack.txt' file on the desktop.
8. Click Submit.
Index: 5.0 (e)
Use Case: Remediation
Objective Title: Remediate Incident
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Remediate Incident

You will now locate the SQL injection attack incident on FortiSIEM and run a remediation
script to block the attacker's IP on FortiGate-Upstream via the FortiOS API.

1. From the Lab Activity: FortiSIEM v64 tab sidebar menu, access FortiSIEM using the HTTPS
option.
2. Log in with username admin and password Fortinet1!
3. Click Incidents > List > by Time.
4. Under the Actions drop-down, click on Search.
5. Click on the Reporting Device tab.
6. Click on the check box beside FGT-Upstream.
Note: You may need to click Show all and scroll down the list. Wait for a few minutes and
refresh the Incidents page in case you don’t see the FGT-Upstream incident yet.
7. Click on the SQL injection attack reported by FortiGate-Upstream to highlight it.

8. Click Action > Remediate Incident.


9. In the Run Remediation window, choose the following:

• Select Type: Remediation
• Enforce On: Device: FGT-Upstream
• Remediation: Fortinet FortiOS – Block IP FortiOS API
• Run On: Super

10. Click Run.
11. You should see Task Result: Success. Click Cancel to close the window.

12. From the sidebar menu, access FGT-Upstream using the HTTPS option.
13. Log in with username admin and password Fortinet1!.
14. Click Dashboard > User & Devices > Quarantine Monitor.
15. Expand the Quarantine Monitor widget to full screen by hovering the mouse over the
widget and clicking the Expand to full screen button.

16. Verify the banned IP address. FortiSIEM has successfully blocked the attacker’s IP address
on the FGT-Upstream via FortiOS API. Note: IP address may be different than picture.
Index: 6.0
Use Case: Conclusion
Objective Title: Review
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

Review
After completing this Fast Track module, you should now:

1. Understand the benefits of FortiSIEM.

2. Be able to configure and leverage the CMDB, incident investigation, advanced analytics and
remediation capabilities of FortiSIEM in your environment.

3. Extend these new skills to other Fortinet solutions.
Index: 6.0 (a)
Use Case: Conclusion
Objective Title: End of Session
Points: 0
----------------------- Objective Section -----------------------
Objective Text:

You have successfully completed the Powerful Security Information and Event Management
hands-on exercises.

Thank you for participating! We hope that you found this training of value.
To learn more about what FortiSIEM can do, we encourage you to consider the Fortinet NSE
Institute. For more information, go to https://training.fortinet.com/
