FortiSOAR Monitoring Practices

Questions and Answers

What should be configured to control the number of records fetched in one call in FortiSOAR?

Record sharing threshold

Maximum fetch limit setting (correct)

Data export preferences

User profile parameters

Which of the following is crucial for exporting records that contain unsupported character sets in PDF format?

File encryption settings

Data input verification protocols

Export configurations (correct)

Supported character encoding parameters

What action is necessary to manage stale entries on FortiMonitor after a takeover in FortiSOAR?

Implement log consolidation

Modify record types

Remove stale entries (correct)

Reset monitoring metrics

Which service is essential for troubleshooting within FortiSOAR?

Log collector service

What is a recommended step before saving an edited System View Template (SVT) in FortiSOAR?

Creating a backup of the recent SVT

What must a user do if they forget their initial csadmin password?

Contact FortiSOAR for a reset

What is the default email ID specified for csadmin?

[email protected]

Which command is required to install SCP on FortiSOAR?

yum install openssh-clients -y

What happened to the Incident Response modules from FortiSOAR release 7.2.0 onwards?

They were removed and moved to the SOAR Framework SP

What is essential for a user to do after changing the csadmin password?

Update the email ID in the user profile

Why was the openssh-clients package removed from FortiSOAR?

Due to security compliance

What does the SOAR Framework Solution Pack provide?

A foundational framework including various modules

What must a user do to optimally use FortiSOAR’s incident response features?

Install the SOAR Framework Solution Pack

What is the recommended action to take before changing the workflow execution cleanup behavior?

Run a full vacuum

What is the required minimum permission level to enable purging of audit logs?

Read permission on the Security module, Read permission on the Application module, and Delete permissions on the Audit Log module

What dropdown options are available for the retention period of audit logs?

Last year, Last 6 months, Last month, Custom

What happens if you select 'Custom' in the audit log retention options?

You must define the number of days for which to retain the logs

How often does the purge schedule job run by default?

Every night at midnight UTC time

When you set a retention period of 'Last month', what duration will be cleared during the purge?

All logs older than 30 days

Which of the following settings must be modified across all cluster nodes in a High Availability environment?

USE_PG_SQUEEZE, USE_PG_REPACK, and SQUEEZE_EXECUTION_TIME

What is the consequence of not selecting the 'Enable Purging' checkbox in the Audit Logs section?

Logs will not be cleared based on specified time

What is the default language for the FortiSOAR UI?

English

Which of the following languages is currently classified as 'Preview' in FortiSOAR?

Japanese

What may happen when changing the language from English to another language in FortiSOAR?

Labels may exceed their width or buttons may misalign

What must administrators possess to modify the global language settings in FortiSOAR?

Read or Usage permissions on Widgets

What is the function of the 'Language Pack' widget in FortiSOAR?

It includes the supported languages for internationalization

What is the consequence of modifying the 'Language Pack' widget?

FortiSOAR UI may appear in English

Which version of FortiSOAR automatically installs the 'Language Pack' widget?

7.5.0

If content is not translated in FortiSOAR, which language will it default to?

English

What logical operator should be selected to purge all playbooks with the 'ingestion' tag and a 'finished' status?

All of the below are True (AND)

Which operator should be used to filter playbooks that contain the 'ingestion' tag?

Contains Any

What is the purpose of the 'Add Condition' link in the purging process?

To add additional criteria for purging

If multiple purging criteria have been set, how does the purge functionality operate?

Purge logs based on sequentially defined criteria

What happens to logs marked with 'Playbook Execution Status = Failed' in the purging process?

They are kept for only 1 day from the last 2 days of logs

What custom option can be set for keeping the logs of ingestion playbooks that have finished execution?

1 day

Which option correctly describes a retained log scenario with the given conditions?

Logs are retained first for the default period then checked against additional criteria

What must be selected from the 'Keep Logs Of' drop-down list to specify logging for the past month?

Last month

Study Notes

FortiSOAR Metrics and Monitoring

• Add queued playbooks as a metric for monitoring in FortiSOAR.
• Change monitoring intervals for license expiry metric as needed.
• Modify timings for generating Takeover Incidents efficiently.
• Remove stale entries on FortiMonitor for FortiSOAR metrics post-takeover.

Debugging and Optimization

• Utilize various logs for effective troubleshooting in FortiSOAR.
• Understand key FortiSOAR services and processes for optimal operation.
• Configure settings for exporting records with unsupported character sets in PDF format.
• Adjust record similarity and field prediction settings as necessary.

User Profile and Management

• Keep track of the csadmin password for password recovery purposes.
• Update the csadmin email address, defaulting to [email protected] for password reset functionality.
• Install SCP or SCP clients for file transfer to and from FortiSOAR systems after removal of openssh-clients package.
• Install SOAR Framework Solution Pack to access incident response modules post release 7.2.0.

Language and Internationalization

• English is the default language for FortiSOAR UI, with preview support for Japanese, Korean, and Simplified Chinese.
• The Language Pack widget supports internationalization and cannot be uninstalled or modified.
• Change the global language settings for FortiSOAR once adequate permissions are assigned.

Security and Maintenance Practices

• Run a full vacuum before changing workflow cleanup behaviors in upgraded instances.
• Modify pg_squeeze and pg_repack settings across all cluster nodes in High Availability environments.
• Secure permissions required for purging audit logs in FortiSOAR, ensuring role assignments align with access levels.

Purging and Log Management

• Schedule audit log purging based on retention needs, with options including Last month, Last 3 months, Last 6 months, or Custom.
• Define the specific timeframe for retaining logs, where purging occurs for records exceeding specified periods.
• Implement multiple purging criteria, executing logs sequentially based on defined conditions for efficient log management.

Additional Automation Features

• Automation scripts may be added for fetching updates, such as Google Chrome updates, enhancing system management.

Description

This quiz covers essential practices for monitoring using FortiSOAR, including managing queued playbooks and adjusting monitoring intervals for critical metrics like license expiry. It also addresses modifying incident response timings and handling stale entries in FortiMonitor. Enhance your understanding of effective monitoring in FortiSOAR through this quiz.