FortiSoC Dashboard Mastery

Questions and Answers

Which dashboard in FortiSoC helps track all events, their status, sources, and severity?

Events Dashboard

Which dashboard in FortiSoC tracks all incidents that need to be solved, and their severity?

Incidents Dashboard

What type of information is displayed in the Events Dashboard?

Event status and sources

What does the Incidents Dashboard in FortiSoC include?

Total Incidents, Unsolved Incidents, and Incidents Timeline

Are the FortiSoC dashboards customizable?

No, they are read-only and not customizable

How is the information on the FortiSoC dashboards updated?

The information is updated in real-time

What does the Events Dashboard help the SOC team identify?

Events that require urgent attention

Which dashboard provides a general overview and statistics about events, incidents, and playbooks in your environment?

Overview Dashboard

What is the purpose of the FortiSoC dashboards?

To provide a read-only view of SOC productivity

How can users get more detail about a section of interest on the dashboards?

By hovering the mouse over the section

Which dashboard provides a clear representation of incident severity and the number of incidents still being handled by analysts?

FortiSoC Incidents Dashboard

What does the Playbooks Dashboard track?

Total Executed Playbooks and Actions Trend

In the example shown, how many playbooks have been executed in the last seven days?

246

What is the responsibility of the SOC analyst regarding playbooks?

Ensuring playbooks are properly configured

How are events generated in FortiAnalyzer?

Based on predefined criteria

What is the purpose of event handlers in FortiAnalyzer?

To generate events based on logs

What can be done with predefined event handlers in FortiAnalyzer?

All of the above

What are the matching criteria for event handlers in FortiAnalyzer?

Devices, Subnets, Pre-filters, Device type, Log Type/subtype, Log match, Log field, Generic text filter

What can be done with individual filters in event handlers?

Enable or disable them

Where can all generated events be viewed in FortiAnalyzer?

Event Monitor Dashboard

Study Notes

FortiSoC Dashboards

• The Events Dashboard tracks all events, their status, sources, and severity.
• The Incidents Dashboard tracks all incidents that need to be solved, and their severity.
• The Events Dashboard displays information about events, including their status, sources, and severity.
• The Incidents Dashboard includes information about incidents, including their severity and the number of incidents still being handled by analysts.
• FortiSoC dashboards are customizable.
• The information on the FortiSoC dashboards is updated in real-time.
• The Events Dashboard helps the SOC team identify trends, patterns, and anomalies in events.

Playbooks and Incidents

• The Overview Dashboard provides a general overview and statistics about events, incidents, and playbooks in your environment.
• The purpose of the FortiSoC dashboards is to provide a centralized view of security events and incidents.
• Users can get more detail about a section of interest on the dashboards by clicking on it.
• The Incidents Dashboard provides a clear representation of incident severity and the number of incidents still being handled by analysts.

Playbooks

• The Playbooks Dashboard tracks playbooks executed in the environment.
• In the example shown, 15 playbooks have been executed in the last seven days.
• The responsibility of the SOC analyst is to review and execute playbooks.

FortiAnalyzer

• Events are generated in FortiAnalyzer based on log data from various sources.
• The purpose of event handlers in FortiAnalyzer is to filter and process events.
• Predefined event handlers in FortiAnalyzer can be cloned and modified to create custom event handlers.
• The matching criteria for event handlers in FortiAnalyzer include event type, severity, and source.
• Individual filters in event handlers can be used to filter events based on specific criteria.
• All generated events can be viewed in FortiAnalyzer's Event Viewer.