Upgrade Collectors

Questions and Answers

Which page should you navigate to in the FortiSIEM GUI to upgrade a collector?

Install Image page

Download Image page

Upgrade Collector page

Collector Health page (correct)

What action should you select for a collector upgrade in the FortiSIEM GUI?

Install Image (correct)

Download Image

Collector Health

Upgrade Collector

How does FortiSIEM calculate EPS (Events Per Second)?

By dividing the total number of events received over a three-minute period by 60

By counting the total number of events received over a three-minute period

By counting the total number of events received over a one-minute period

By dividing the total number of events received over a three-minute period by 180 (correct)

What is the purpose of guaranteed EPS in FortiSIEM?

To ensure that the collector can always process events at a certain rate

Where do you define the guaranteed EPS for a collector in FortiSIEM?

Collector configuration process

Are UEBA events counted towards EPS in FortiSIEM?

No

What does EPS stand for in FortiSIEM?

Events Per Second

How long is the time period over which FortiSIEM calculates EPS?

Three minutes

What should you click to download the collector upgrade image in FortiSIEM?

Download Image

Who instructs the collector to upgrade itself in FortiSIEM?

Service provider administrator

Which metric does each collector periodically report to the supervisor?

Incoming EPS

What happens if the incoming EPS is greater than the guaranteed EPS?

Events are dropped

What is EPS bursting in FortiSIEM?

A mechanism to allow bursting above the purchased EPS

What is the maximum EPS bursting allowed in FortiSIEM?

Five times the licensed EPS

How does FortiSIEM calculate the initial system EPS?

Licensed value × 180 seconds + 10% Buffer

What is the purpose of the 10% buffer in the initial system EPS calculation?

To account for fluctuations in EPS

How does FortiSIEM calculate the unused EPS?

Sum of positive differences of allocated EPS and incoming EPS over all nodes

What can FortiSIEM do with the accumulated unused EPS?

Use it for bursting during attacks or event surge periods

What is the requirement to benefit from EPS bursting in FortiSIEM?

Enough computational power and storage

What should be provisioned to handle potential event surges in FortiSIEM?

Five times the licensed EPS

Which metric does each collector periodically report to the supervisor?

Incoming EPS

Which feature helps customers avoid dropped events when incoming EPS is greater than guaranteed EPS?

EPS bursting

What is EPS bursting in FortiSIEM?

A mechanism to accumulate unused EPS for bursting during attacks

What is the maximum EPS bursting allowed in FortiSIEM?

5 times the licensed EPS

How is the initial system EPS calculated in FortiSIEM?

Licensed value = license × 180 seconds + 10% Buffer

What is the allocated EPS for a three-minute duration for a 520 EPS license in FortiSIEM?

102,960

What does FortiSIEM use to keep track of unused EPS?

Positive differences of allocated EPS and incoming EPS over all nodes

What can FortiSIEM use unused EPS for?

Bursting during attacks or event surge periods

What should the system be provisioned with to benefit from EPS bursting in FortiSIEM?

Additional computational power and storage

What is the end result of unused EPS over the course of a day in FortiSIEM?

Unused EPS accumulation

Study Notes

Upgrading a Collector in FortiSIEM

• To upgrade a collector, navigate to the Collectors page in the FortiSIEM GUI.
• Select the Upgrade action for a collector upgrade in the FortiSIEM GUI.

EPS (Events Per Second) Calculation

• FortiSIEM calculates EPS as the average number of events received per second over a 1-minute period.
• EPS stands for Events Per Second in FortiSIEM.

Guaranteed EPS

• The purpose of guaranteed EPS is to ensure that a collector can handle a certain number of events per second without dropping them.
• Guaranteed EPS is defined for a collector in the Collectors page in the FortiSIEM GUI.
• UEBA events are counted towards EPS in FortiSIEM.

EPS Bursting

• If the incoming EPS is greater than the guaranteed EPS, FortiSIEM allows for EPS bursting, which temporarily accommodates the surge in events.
• EPS bursting is a feature that helps customers avoid dropped events when incoming EPS is greater than guaranteed EPS.
• The maximum EPS bursting allowed in FortiSIEM is 3 times the guaranteed EPS.

EPS Calculation and Unused EPS

• The initial system EPS is calculated as the total licensed EPS multiplied by 0.9, minus the allocated EPS for UEBA.
• A 10% buffer is added to the initial system EPS calculation to account for fluctuations.
• Unused EPS is the difference between the guaranteed EPS and the actual EPS.
• FortiSIEM uses a token bucket to keep track of unused EPS.
• Unused EPS can be accumulated and used to handle potential event surges.
• At the end of a day, unused EPS is reset to zero.

Provisioning and Benefits

• To benefit from EPS bursting, the system should be provisioned with sufficient resources.
• The system should be provisioned to handle potential event surges in FortiSIEM.

Description

Test your knowledge on upgrading collectors one by one with this quiz. Learn how to download and install images, navigate the FortiSIEM GUI, and select the collector for upgrade. Upgrade your skills now!