FortiSOAR Monitoring Practices

Questions and Answers

What should be configured to control the number of records fetched in one call in FortiSOAR?

• Record sharing threshold
• Maximum fetch limit setting (correct)
• Data export preferences
• User profile parameters

Which of the following is crucial for exporting records that contain unsupported character sets in PDF format?

• File encryption settings
• Data input verification protocols
• Export configurations (correct)
• Supported character encoding parameters

What action is necessary to manage stale entries on FortiMonitor after a takeover in FortiSOAR?

• Implement log consolidation
• Modify record types
• Remove stale entries (correct)
• Reset monitoring metrics

Which service is essential for troubleshooting within FortiSOAR?

Log collector service (A)

What is a recommended step before saving an edited System View Template (SVT) in FortiSOAR?

Creating a backup of the recent SVT (D)

What must a user do if they forget their initial csadmin password?

Contact FortiSOAR for a reset (C)

What is the default email ID specified for csadmin?

[email protected] (D)

Which command is required to install SCP on FortiSOAR?

yum install openssh-clients -y (D)

What happened to the Incident Response modules from FortiSOAR release 7.2.0 onwards?

They were removed and moved to the SOAR Framework SP (D)

What is essential for a user to do after changing the csadmin password?

Update the email ID in the user profile (A)

Why was the openssh-clients package removed from FortiSOAR?

Due to security compliance (D)

What does the SOAR Framework Solution Pack provide?

A foundational framework including various modules (B)

What must a user do to optimally use FortiSOAR’s incident response features?

Install the SOAR Framework Solution Pack (B)

What is the recommended action to take before changing the workflow execution cleanup behavior?

Run a full vacuum (A)

What is the required minimum permission level to enable purging of audit logs?

Read permission on the Security module, Read permission on the Application module, and Delete permissions on the Audit Log module (B)

What dropdown options are available for the retention period of audit logs?

Last year, Last 6 months, Last month, Custom (C)

What happens if you select 'Custom' in the audit log retention options?

You must define the number of days for which to retain the logs (B)

How often does the purge schedule job run by default?

Every night at midnight UTC time (B)

When you set a retention period of 'Last month', what duration will be cleared during the purge?

All logs older than 30 days (C)

Which of the following settings must be modified across all cluster nodes in a High Availability environment?

USE_PG_SQUEEZE, USE_PG_REPACK, and SQUEEZE_EXECUTION_TIME (D)

What is the consequence of not selecting the 'Enable Purging' checkbox in the Audit Logs section?

Logs will not be cleared based on specified time (D)

What is the default language for the FortiSOAR UI?

English (A)

Which of the following languages is currently classified as 'Preview' in FortiSOAR?

Japanese (A)

What may happen when changing the language from English to another language in FortiSOAR?

Labels may exceed their width or buttons may misalign (A)

What must administrators possess to modify the global language settings in FortiSOAR?

Read or Usage permissions on Widgets (A)

What is the function of the 'Language Pack' widget in FortiSOAR?

It includes the supported languages for internationalization (B)

What is the consequence of modifying the 'Language Pack' widget?

FortiSOAR UI may appear in English (D)

Which version of FortiSOAR automatically installs the 'Language Pack' widget?

7.5.0 (B)

If content is not translated in FortiSOAR, which language will it default to?

English (D)

What logical operator should be selected to purge all playbooks with the 'ingestion' tag and a 'finished' status?

All of the below are True (AND) (C)

Which operator should be used to filter playbooks that contain the 'ingestion' tag?

Contains Any (B)

What is the purpose of the 'Add Condition' link in the purging process?

To add additional criteria for purging (B)

If multiple purging criteria have been set, how does the purge functionality operate?

Purge logs based on sequentially defined criteria (D)

What happens to logs marked with 'Playbook Execution Status = Failed' in the purging process?

They are kept for only 1 day from the last 2 days of logs (A)

What custom option can be set for keeping the logs of ingestion playbooks that have finished execution?

1 day (C)

Which option correctly describes a retained log scenario with the given conditions?

Logs are retained first for the default period then checked against additional criteria (C)

What must be selected from the 'Keep Logs Of' drop-down list to specify logging for the past month?

Last month (C)

Study Notes

FortiSOAR Metrics and Monitoring

• Add queued playbooks as a metric for monitoring in FortiSOAR.
• Change monitoring intervals for license expiry metric as needed.
• Modify timings for generating Takeover Incidents efficiently.
• Remove stale entries on FortiMonitor for FortiSOAR metrics post-takeover.

Debugging and Optimization

• Utilize various logs for effective troubleshooting in FortiSOAR.
• Understand key FortiSOAR services and processes for optimal operation.
• Configure settings for exporting records with unsupported character sets in PDF format.
• Adjust record similarity and field prediction settings as necessary.

User Profile and Management

• Keep track of the csadmin password for password recovery purposes.
• Update the csadmin email address, defaulting to [email protected] for password reset functionality.
• Install SCP or SCP clients for file transfer to and from FortiSOAR systems after removal of openssh-clients package.
• Install SOAR Framework Solution Pack to access incident response modules post release 7.2.0.

Language and Internationalization

• English is the default language for FortiSOAR UI, with preview support for Japanese, Korean, and Simplified Chinese.
• The Language Pack widget supports internationalization and cannot be uninstalled or modified.
• Change the global language settings for FortiSOAR once adequate permissions are assigned.

Security and Maintenance Practices

• Run a full vacuum before changing workflow cleanup behaviors in upgraded instances.
• Modify pg_squeeze and pg_repack settings across all cluster nodes in High Availability environments.
• Secure permissions required for purging audit logs in FortiSOAR, ensuring role assignments align with access levels.

Purging and Log Management

• Schedule audit log purging based on retention needs, with options including Last month, Last 3 months, Last 6 months, or Custom.
• Define the specific timeframe for retaining logs, where purging occurs for records exceeding specified periods.
• Implement multiple purging criteria, executing logs sequentially based on defined conditions for efficient log management.

Additional Automation Features

• Automation scripts may be added for fetching updates, such as Google Chrome updates, enhancing system management.

Description

This quiz covers essential practices for monitoring using FortiSOAR, including managing queued playbooks and adjusting monitoring intervals for critical metrics like license expiry. It also addresses modifying incident response timings and handling stale entries in FortiMonitor. Enhance your understanding of effective monitoring in FortiSOAR through this quiz.