SOC/NOC Analytic Platforms and Procedures
Saturday, November 11, 2023
8:30 AM - 12:30 PM

This workshop will cover different analytic solutions that enable participants to understand network, security, application, and infrastructure events. Participants will learn how to configure the FortiAnalyzer (FAZ), along with the key concepts of the FAZ and common FAZ deployments. They will review the different FAZ subscriptions for Indicators of Compromise, Outbreak Alert Service, and SOC playbook automation. Most customers’ FAZ deployments are under-utilized simply because the end-user doesn’t understand the full potential of FAZ event management. Participants will go through the full Event Management module to understand how to detect and be notified of the ‘needle in the haystack’, or the specific log pattern to identify. The course will discuss and demonstrate topics such as FAZ scale, better availability, and management procedures.

Participants will also discover the FortiMonitor (FMR) tool and the SOC as a Service (SOCaaS) offering. Participants will review the architecture of the FMR and delve into performance dashboards, incident response, the OnSight collectors, and automated onboarding with monitoring templates and policies. The full solution overview of SOCaaS will be shown and discussed to provide a deep understanding of how SOCaaS works and how it can help customers with different use cases. Knowledge of NSE 5 FAZ material is preferred; this is not an intro to FAZ course.