FT-FGT-PAR - FortiSIEM Parser

In this course, you will learn how to create custom parsers to extend the integration capability of FortiSIEM to a wider range of devices and custom applications. You will learn how parsers recognize the type of device or application that sent the data, extract and save key information from the log, and map the device type and log information to an event type.

Duration: 3.0 days

Enquire Now

Start learning today!

Click Hereto customize your Training

Objectives

After completing this course, you will be able to do the following:

  • Examine how FortiSIEM determines which parsers to use
  • Review parser terminology and steps to create a parser
  • Identify different log types and structures
  • Review basic and advanced regex patterns
  • Use tools for regex validation and development
  • Identify appropriate uses of global and local patterns
  • Define local and global patterns
  • Identify common string patterns in event logs
  • Create event format recognizers
  • Configure parsing instructions to extract and map data
  • Build collect Fields By Regex functions
  • Build set Event Attribute functions
  • Add comments to parser code
  • Build conditional matching logic capabilities in parsers
  • Parse and normalize date and time from logs
  • Add, categorize, and query the CMDB for new parser events
  • Create parsers for various log types
  • Manipulate extracted strings from logs
  • Perform calculations on variables or attributes
  • Calculate event severity with syslog priority values
  • Use advanced functions to parse JSON logs
  • Enable FortiSIEM support for logs in other languages

Content

  • Introduction
  • Regular Expressions
  • Event Format Recognizers
  • Parsing Instructions
  • Switch-Case Constructs
  • Custom CMDB Event Types
  • Choose-When Constructs
  • Key Value Pair Logs
  • Value List Logs
  • Advanced Features

Audience

Cybersecurity professionals responsible for creating custom parsers on FortiSIEM should attend this course.

Prerequisites

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

  • NSE 4 FortiGate Security
  • NSE 4 FortiGate Infrastructure
  • NSE 5 FortiSIEM

Certification

product-certification

Course Benefits

product-benefits
  • Career growth
  • Broad Career opportunities
  • Worldwide recognition from leaders
  • Up-to Date technical skills
  • Popular Certification Badges
Enquire Now
 
 
 
 
ljQ6sV
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy