FortiNDR On-Premises Administrator

In this course, you will learn how to administer, manage, and troubleshoot an on-premises FortiNDR deployment. You will explore different use cases and discover the various source feeds of FortiNDR. You will learn how it integrates within the Fortinet Security Fabric and collaborates with other products to enhance malware detection and enforce automatic response. You will also explore the various FortiNDR features that give administrators a broad picture of the detected anomalies and aid forensic analysis.

  1. Introduction
  2. Malware Detection and Security Analysis
  3. Security Fabric Integration and Fortinet Ecosystem
  4. Third-Party Inputs

After completing this course, you will be able to:

  • Describe how FortiNDR can protect your network.
  • Describe the FortiNDR operating modes.
  • Describe how FortiNDR monitors network traffic.
  • Describe how FortiNDR interacts with other Fortinet or third-party products.
  • Describe how FortiNDR can scan network share drives.
  • Access FortiNDR GUI menus, execute CLI commands, and perform initial configuration tasks.
  • Analyze network insight information on detected attacks.
  • Manage false positive detection.
  • Analyze attack scenarios, timelines, and host stories.
  • Identify network outbreaks and assess network damage.
  • Configure static filters and NDR muting rules.
  • Configure Windows AD integration for device enrichment.
  • Analyze various logs on FortiNDR.
  • Integrate FortiNDR in Fortinet Security Fabric.
  • Describe how FortiNDR triggers responses.
  • Configure enforcement rules.
  • Configure automated actions.
  • Configure various FortiNDR integration modes.
  • Integrate FortiNDR with FortiMail and FortiSandbox.
  • Configure the logs and reports available on FortiNDR.
  • Generate FortiNDR reports (FortiAnalyzer/FortiSIEM).
  • Configure ICAP integration.
  • Explain FortiNDR API capabilities.
  • Configure and analyze NetFlow logs and dashboards.
  • Configure device enrichment and remote authentication.
  • Configure network share scanning and quarantining.
  • Analyze network share scan results.

Security professionals involved in the management, configuration, administration, and monitoring of FortiNDR on-premises deployments should attend this course.

You must have knowledge of networking and cybersecurity, and basic experience working with FortiGate and the Fortinet Security Fabric. It is also recommended that you have an understanding of the topics covered in the FCP - FortiGate Administrator course.
