Data Ingestion with FortiSOAR

Questions and Answers

Which feature of FortiSOAR facilitates data ingestion from external SIEM solutions and other third-party sources?

Data Ingestion Wizard (correct)

Notification Service

App Push

Fetch APIs

What can you do with the data ingestion wizard in FortiSOAR?

Install add-ons on the server side

Map fields between systems (correct)

Schedule data ingestion

Create FortiSOAR records

Which mode of data ingestion in FortiSOAR is triggered by a notification service?

Data Ingestion Wizard

Schedule based

Notification based (correct)

App push

How often are the fetch playbooks scheduled to run by default in FortiSOAR?

Every five minutes

What does the app push feature in FortiSOAR allow you to do?

Push data into FortiSOAR

What does the data ingestion wizard in FortiSOAR fetch from the source?

Sample data

What does the notification service in FortiSOAR trigger?

Playbooks

What does the fetch API in FortiSOAR allow you to do?

Fetch data from the product

What does the schedule-based mode of data ingestion in FortiSOAR use?

Fetch APIs

What does the fetch playbook in FortiSOAR allow you to do?

Fetch data from the product

Which mode of data ingestion uses fetch APIs of the integration?

Schedule based

Which mode of data ingestion requires the installation of a FortiSOAR add-on on the server side?

App push

Which mode of data ingestion requires configuration of a user password or appliance-based authentication in FortiSOAR?

App push

What happens if both notification-based and schedule-based ingestion are configured for the same source?

Data loss due to conflicts

What type of connectors have a Configure Data Ingestion tab?

All data ingestion connectors

What tags are included in each playbook that contributes to data ingestion?

{connector_name}, {dataingestion}

What does the Fetch Playbook do?

Fetches data from external systems

What information does the Connectors page provide about data ingestion connectors?

All of the above

What should be done if you decide to use the sample playbooks in your environment?

Clone and move them to a different collection

What can be done with sample playbooks from data ingestion connectors like Fortinet FortiSIEM?

Use them in a playbook environment

Study Notes

FortiSOAR Data Ingestion

Data Ingestion Features

• The Data Ingestion Wizard facilitates data ingestion from external SIEM solutions and other third-party sources.
• The App Push feature allows you to push data from external sources to FortiSOAR.
• The Fetch API allows you to fetch data from external sources.

Data Ingestion Modes

• There are two modes of data ingestion: Notification-based and Schedule-based.
• Notification-based mode is triggered by a notification service.
• Schedule-based mode uses a schedule to fetch data from external sources.
• Fetch playbooks are scheduled to run by default every 5 minutes.

Data Ingestion Wizard

• The Data Ingestion Wizard fetches data from the source using the Fetch API.
• The wizard configures the data ingestion process.

Fetch Playbook

• The Fetch Playbook allows you to fetch data from external sources.
• The playbook is used to contribute to data ingestion.

Connectors

• Some connectors have a Configure Data Ingestion tab.
• The Connectors page provides information about data ingestion connectors.

Sample Playbooks

• Sample playbooks from data ingestion connectors like Fortinet FortiSIEM can be used as a starting point.
• If you decide to use the sample playbooks, you should customize them to fit your environment.

Conflict Resolution

• If both notification-based and schedule-based ingestion are configured for the same source, the notification-based ingestion takes precedence.

Description

Test your knowledge on data ingestion with FortiSOAR! Learn about the dedicated data ingestion wizard, scheduling periodic data ingestion, mapping fields between FortiSOAR and data sources, defining content pulling frequency, and using sample playbooks. Challenge yourself and become an expert in data ingestion with FortiSOAR!