Data Ingestion with FortiSOAR

Questions and Answers

Which feature of FortiSOAR facilitates data ingestion from external SIEM solutions and other third-party sources?

• Data Ingestion Wizard (correct)
• Notification Service
• App Push
• Fetch APIs

What can you do with the data ingestion wizard in FortiSOAR?

• Install add-ons on the server side
• Map fields between systems (correct)
• Schedule data ingestion
• Create FortiSOAR records

Which mode of data ingestion in FortiSOAR is triggered by a notification service?

• Data Ingestion Wizard
• Schedule based
• Notification based (correct)
• App push

How often are the fetch playbooks scheduled to run by default in FortiSOAR?

Every five minutes (B)

What does the app push feature in FortiSOAR allow you to do?

Push data into FortiSOAR (A)

What does the data ingestion wizard in FortiSOAR fetch from the source?

Sample data (B)

What does the notification service in FortiSOAR trigger?

Playbooks (A)

What does the fetch API in FortiSOAR allow you to do?

Fetch data from the product (D)

What does the schedule-based mode of data ingestion in FortiSOAR use?

Fetch APIs (D)

What does the fetch playbook in FortiSOAR allow you to do?

Fetch data from the product (D)

Which mode of data ingestion uses fetch APIs of the integration?

Schedule based (B)

Which mode of data ingestion requires the installation of a FortiSOAR add-on on the server side?

App push (C)

Which mode of data ingestion requires configuration of a user password or appliance-based authentication in FortiSOAR?

App push (C)

What happens if both notification-based and schedule-based ingestion are configured for the same source?

Data loss due to conflicts (C)

What type of connectors have a Configure Data Ingestion tab?

All data ingestion connectors (A)

What tags are included in each playbook that contributes to data ingestion?

{connector_name}, {dataingestion} (B)

What does the Fetch Playbook do?

Fetches data from external systems (B)

What information does the Connectors page provide about data ingestion connectors?

All of the above (D)

What should be done if you decide to use the sample playbooks in your environment?

Clone and move them to a different collection (A)

What can be done with sample playbooks from data ingestion connectors like Fortinet FortiSIEM?

Use them in a playbook environment (C)

Flashcards are hidden until you start studying

Study Notes

FortiSOAR Data Ingestion

Data Ingestion Features

• The Data Ingestion Wizard facilitates data ingestion from external SIEM solutions and other third-party sources.
• The App Push feature allows you to push data from external sources to FortiSOAR.
• The Fetch API allows you to fetch data from external sources.

Data Ingestion Modes

• There are two modes of data ingestion: Notification-based and Schedule-based.
• Notification-based mode is triggered by a notification service.
• Schedule-based mode uses a schedule to fetch data from external sources.
• Fetch playbooks are scheduled to run by default every 5 minutes.

Data Ingestion Wizard

• The Data Ingestion Wizard fetches data from the source using the Fetch API.
• The wizard configures the data ingestion process.

Fetch Playbook

• The Fetch Playbook allows you to fetch data from external sources.
• The playbook is used to contribute to data ingestion.

Connectors

• Some connectors have a Configure Data Ingestion tab.
• The Connectors page provides information about data ingestion connectors.

Sample Playbooks

• Sample playbooks from data ingestion connectors like Fortinet FortiSIEM can be used as a starting point.
• If you decide to use the sample playbooks, you should customize them to fit your environment.

Conflict Resolution

• If both notification-based and schedule-based ingestion are configured for the same source, the notification-based ingestion takes precedence.