NSE5_FSM-6.3 Exam Dumps - Fortinet NSE 5 - FortiSIEM 6.3

ï‚· Feature Overview: FortiSIEM provides several tools for querying and reporting on device information within an environment.

ï‚· Inventory Tab: The Inventory tab is specifically designed to display detailed information about devices, including their firmware versions.

ï‚· Query Functionality: Within the Inventory tab, you can run queries to filter and display devices based on specific attributes, such as the firmware version for FortiGate devices.

ï‚· Report Generation: By running a query in the Inventory tab, you can produce a report that lists the FortiGate devices and their corresponding firmware versions.

ï‚· References: FortiSIEM 6.3 User Guide, Inventory Management section, explains how to use the Inventory tab to query and report on device attributes.

ï‚· Anomaly Baseline Data: Anomaly baseline data refers to the statistical profiles and baselines calculated for various parameters to detect deviations indicative of potential security incidents.

ï‚· Profile DB: The Profile DB is specifically designed to store such baseline data in FortiSIEM.

Purpose: It maintains statistical profiles for different monitored parameters to facilitate anomaly detection.

Usage: This data is used by FortiSIEM to compare real-time metrics against the established baselines to identify anomalies.

ï‚· References: FortiSIEM 6.3 User Guide, Database Architecture section, which describes the different databases used in FortiSIEM and their purposes, including the Profile DB for storing anomaly baseline data.

ï‚· Device Discovery Information: Information about discovered devices, including their configurations and statuses, is stored in a specific database.

ï‚· CMDB: The Configuration Management Database (CMDB) is used to store detailed information about the devices discovered by FortiSIEM.

Function: It maintains comprehensive details about device configurations, relationships, and other metadata essential for managing the IT infrastructure.

ï‚· Significance: Storing discovery information in the CMDB ensures that the FortiSIEM system has a centralized repository of device information, facilitating efficient management and monitoring.

ï‚· References: FortiSIEM 6.3 User Guide, Configuration Management Database (CMDB) section, which details the storage and usage of device discovery information.

ï‚· Syslog Ports: Syslog messages can be sent over different ports using TCP or UDP protocols.

ï‚· Common Ports for Syslog:

UDP 514: This is the default port for sending syslog messages over UDP.

TCP 514: This is the default port for sending syslog messages over TCP, providing a more reliable transmission.

TCP 1470: This port is often used for secure or alternative syslog transmission.

ï‚· Usage in FortiSIEM: FortiSIEM can be configured to receive syslog messages on these ports to ensure the logs are collected from various network devices.

ï‚· References: FortiSIEM 6.3 User Guide, Syslog Integration section, which details the supported ports for syslog transmission.

ï‚· Rule Evaluation in FortiSIEM: Rules in FortiSIEM are evaluated periodically to check if the defined conditions or subpatterns are met.

ï‚· Frequency Field: The Frequency field in a rule determines the interval at which the rule's subpattern will be evaluated.

Evaluation Interval: This defines how often the system will check the incoming events against the rule's subpattern to determine if an incident should be triggered.

Impact on Performance: Setting an appropriate frequency is crucial to balance between timely detection of incidents and system performance.

ï‚· Examples:

If the Frequency is set to 5 minutes, the rule will evaluate the subpattern every 5 minutes.

This means that every 5 minutes, the system will check if the conditions defined in the subpattern are met by the incoming events.

ï‚· References: FortiSIEM 6.3 User Guide, Rules and Incidents section, which explains the Frequency field and how it impacts the evaluation of subpatterns in rules.