In this workshop, we will dive into how each component of the Fortinet security stack can be used to gather information from a secured environment once a specific alert is triggered on our platforms. We will explore setting up the environment with FortiGate, FortiAnalyzer, FortiSOAR, FortiEDR, FortiSIEM and our FortiGuard CTI. Additionally, we will examine how these components work together to contextualize each other's telemetry, and how to use that enriched telemetry and context to respond to given threats.
After setting up the environment, we will analyze a specific APT campaign and demonstrate its implementation using the open-source tool MITRE Caldera. We will replicate the attack in our environment and use our fabric visibility to detect, mitigate, and automatically respond to the attack. Telemetry from all sources will be utilized to create a playbook on FortiSOAR that integrates these telemetry points, enriches them, and takes action when certain conditions are met.
NOTE: This workshop is also offered on November 6 at 1:00 PM.
3950 S Las Vegas Blvd
Las Vegas, NV 89119
United States
FCP (NSE4), completion of last year's "Understanding Fortinet's Secure SD-WAN Solution Foundational Workshop", or an equivalent real-world understanding/deployment similar to its course description.