30 Questions
Which page should you navigate to in the FortiSIEM GUI to upgrade a collector?
Collector Health page
What action should you select for a collector upgrade in the FortiSIEM GUI?
Install Image
How does FortiSIEM calculate EPS (Events Per Second)?
By dividing the total number of events received over a three-minute period by 180
What is the purpose of guaranteed EPS in FortiSIEM?
To ensure that the collector can always process events at a certain rate
Where do you define the guaranteed EPS for a collector in FortiSIEM?
Collector configuration process
Are UEBA events counted towards EPS in FortiSIEM?
No
What does EPS stand for in FortiSIEM?
Events Per Second
How long is the time period over which FortiSIEM calculates EPS?
Three minutes
What should you click to download the collector upgrade image in FortiSIEM?
Download Image
Who instructs the collector to upgrade itself in FortiSIEM?
Service provider administrator
Which metric does each collector periodically report to the supervisor?
Incoming EPS
What happens if the incoming EPS is greater than the guaranteed EPS?
Events are dropped
What is EPS bursting in FortiSIEM?
A mechanism to allow bursting above the purchased EPS
What is the maximum EPS bursting allowed in FortiSIEM?
Five times the licensed EPS
How does FortiSIEM calculate the initial system EPS?
Licensed value × 180 seconds + 10% Buffer
What is the purpose of the 10% buffer in the initial system EPS calculation?
To account for fluctuations in EPS
How does FortiSIEM calculate the unused EPS?
Sum of positive differences of allocated EPS and incoming EPS over all nodes
What can FortiSIEM do with the accumulated unused EPS?
Use it for bursting during attacks or event surge periods
What is the requirement to benefit from EPS bursting in FortiSIEM?
Enough computational power and storage
What should be provisioned to handle potential event surges in FortiSIEM?
Five times the licensed EPS
Which metric does each collector periodically report to the supervisor?
Incoming EPS
Which feature helps customers avoid dropped events when incoming EPS is greater than guaranteed EPS?
EPS bursting
What is EPS bursting in FortiSIEM?
A mechanism to accumulate unused EPS for bursting during attacks
What is the maximum EPS bursting allowed in FortiSIEM?
5 times the licensed EPS
How is the initial system EPS calculated in FortiSIEM?
Licensed value = license × 180 seconds + 10% Buffer
What is the allocated EPS for a three-minute duration for a 520 EPS license in FortiSIEM?
102,960
What does FortiSIEM use to keep track of unused EPS?
Positive differences of allocated EPS and incoming EPS over all nodes
What can FortiSIEM use unused EPS for?
Bursting during attacks or event surge periods
What should the system be provisioned with to benefit from EPS bursting in FortiSIEM?
Additional computational power and storage
What is the end result of unused EPS over the course of a day in FortiSIEM?
Unused EPS accumulation
Study Notes
Upgrading a Collector in FortiSIEM
- To upgrade a collector, navigate to the Collectors page in the FortiSIEM GUI.
- Select the Upgrade action for a collector upgrade in the FortiSIEM GUI.
EPS (Events Per Second) Calculation
- FortiSIEM calculates EPS as the average number of events received per second over a 1-minute period.
- EPS stands for Events Per Second in FortiSIEM.
Guaranteed EPS
- The purpose of guaranteed EPS is to ensure that a collector can handle a certain number of events per second without dropping them.
- Guaranteed EPS is defined for a collector in the Collectors page in the FortiSIEM GUI.
- UEBA events are counted towards EPS in FortiSIEM.
EPS Bursting
- If the incoming EPS is greater than the guaranteed EPS, FortiSIEM allows for EPS bursting, which temporarily accommodates the surge in events.
- EPS bursting is a feature that helps customers avoid dropped events when incoming EPS is greater than guaranteed EPS.
- The maximum EPS bursting allowed in FortiSIEM is 3 times the guaranteed EPS.
EPS Calculation and Unused EPS
- The initial system EPS is calculated as the total licensed EPS multiplied by 0.9, minus the allocated EPS for UEBA.
- A 10% buffer is added to the initial system EPS calculation to account for fluctuations.
- Unused EPS is the difference between the guaranteed EPS and the actual EPS.
- FortiSIEM uses a token bucket to keep track of unused EPS.
- Unused EPS can be accumulated and used to handle potential event surges.
- At the end of a day, unused EPS is reset to zero.
Provisioning and Benefits
- To benefit from EPS bursting, the system should be provisioned with sufficient resources.
- The system should be provisioned to handle potential event surges in FortiSIEM.
Test your knowledge on upgrading collectors one by one with this quiz. Learn how to download and install images, navigate the FortiSIEM GUI, and select the collector for upgrade. Upgrade your skills now!