20 Questions
Which feature of FortiSOAR facilitates data ingestion from external SIEM solutions and other third-party sources?
Data Ingestion Wizard
What can you do with the data ingestion wizard in FortiSOAR?
Map fields between systems
Which mode of data ingestion in FortiSOAR is triggered by a notification service?
Notification based
How often are the fetch playbooks scheduled to run by default in FortiSOAR?
Every five minutes
What does the app push feature in FortiSOAR allow you to do?
Push data into FortiSOAR
What does the data ingestion wizard in FortiSOAR fetch from the source?
Sample data
What does the notification service in FortiSOAR trigger?
Playbooks
What does the fetch API in FortiSOAR allow you to do?
Fetch data from the product
What does the schedule-based mode of data ingestion in FortiSOAR use?
Fetch APIs
What does the fetch playbook in FortiSOAR allow you to do?
Fetch data from the product
Which mode of data ingestion uses fetch APIs of the integration?
Schedule based
Which mode of data ingestion requires the installation of a FortiSOAR add-on on the server side?
App push
Which mode of data ingestion requires configuration of a user password or appliance-based authentication in FortiSOAR?
App push
What happens if both notification-based and schedule-based ingestion are configured for the same source?
Data loss due to conflicts
What type of connectors have a Configure Data Ingestion tab?
All data ingestion connectors
What tags are included in each playbook that contributes to data ingestion?
{connector_name}, {dataingestion}
What does the Fetch Playbook do?
Fetches data from external systems
What information does the Connectors page provide about data ingestion connectors?
All of the above
What should be done if you decide to use the sample playbooks in your environment?
Clone and move them to a different collection
What can be done with sample playbooks from data ingestion connectors like Fortinet FortiSIEM?
Use them in a playbook environment
Study Notes
FortiSOAR Data Ingestion
Data Ingestion Features
- The Data Ingestion Wizard facilitates data ingestion from external SIEM solutions and other third-party sources.
- The App Push feature allows you to push data from external sources to FortiSOAR.
- The Fetch API allows you to fetch data from external sources.
Data Ingestion Modes
- There are two modes of data ingestion: Notification-based and Schedule-based.
- Notification-based mode is triggered by a notification service.
- Schedule-based mode uses a schedule to fetch data from external sources.
- Fetch playbooks are scheduled to run by default every 5 minutes.
Data Ingestion Wizard
- The Data Ingestion Wizard fetches data from the source using the Fetch API.
- The wizard configures the data ingestion process.
Fetch Playbook
- The Fetch Playbook allows you to fetch data from external sources.
- The playbook is used to contribute to data ingestion.
Connectors
- Some connectors have a Configure Data Ingestion tab.
- The Connectors page provides information about data ingestion connectors.
Sample Playbooks
- Sample playbooks from data ingestion connectors like Fortinet FortiSIEM can be used as a starting point.
- If you decide to use the sample playbooks, you should customize them to fit your environment.
Conflict Resolution
- If both notification-based and schedule-based ingestion are configured for the same source, the notification-based ingestion takes precedence.
Test your knowledge on data ingestion with FortiSOAR! Learn about the dedicated data ingestion wizard, scheduling periodic data ingestion, mapping fields between FortiSOAR and data sources, defining content pulling frequency, and using sample playbooks. Challenge yourself and become an expert in data ingestion with FortiSOAR!