Download Fortinet.NSE6_FSR-7.3.VCEplus.2024-10-19.15q.tqb

Upgrading a FortiSOAR HA cluster follows the same procedure regardless of whether it is configured in an active-active or active-passive setup. The process generally involves upgrading one node at a time to minimize service disruption. Best practices recommend upgrading the passive secondary node first before moving to the active primary node. This sequence helps maintain cluster stability and ensures that at least one node remains operational during the upgrade.

For two-factor authentication (2FA) via SMS, FortiSOAR supports integration with Telesign. This vendor provides SMS-based 2FA services, enabling FortiSOAR to leverage Telesign's API for sending verification codes as part of its security features. Telesign's service is compatible with FortiSOAR, ensuring secure user authentication when accessing the platform or certain features.

In FortiSOAR's War Room, users can perform several actions to manage incidents effectively. They can view a graphical representation of records linked to an incident in the Artifacts lab, which helps visualize connections and dependencies. Additionally, the War Room supports tagging investigation results as evidence, allowing for a structured approach to incident documentation. Users can also manage tasks via the Task Manager tab, facilitating task creation, assignment, and tracking within the incident response workflow.

When troubleshooting the issue of the FortiSOAR GUI not being reachable, the first step should be to check the status of the nginx service, which is responsible for managing web requests. Using the command systemctl status nginx will provide information on whether the service is running and any potential issues or errors related to it. This approach is more efficient as it directly addresses the service responsible for the web interface, making it possible to diagnose and resolve common issues such as service failure, configuration errors, or connectivity problems.

The fdn.log file in FortiSOAR contains logs related to license synchronization activities. This log file records events and errors associated with license checks and synchronization with Fortinet's licensing servers, ensuring that the FortiSOAR instance remains compliant with licensing requirements. Monitoring fdn.log can help administrators troubleshoot issues related to license synchronization and ensure the system operates within the licensed limits.

The SLA Management Playbooks collection in FortiSOAR includes system-level playbooks designed to auto-populate date fields when the status of incident or alert records changes to Resolved or Closed. This functionality ensures that relevant date fields, such as resolution date or closure date, are accurately filled based on SLA criteria. By using SLA Management Playbooks, FortiSOAR automatically maintains date-related data integrity, which is essential for tracking and reporting purposes.

The Recommendation Engine in FortiSOAR is designed to assist in alert triage by suggesting values for certain fields based on historical data and machine learning models. In this case, the engine is trained to predict both the Severity and Type fields, suggesting values that align with past incidents and threat intelligence. Although the current alert severity is High, the recommendation engine has suggested adjusting it to Medium based on the pattern of similar past alerts, indicating a less critical threat level than initially perceived. This functionality helps analysts by providing data-driven insights, which can optimize alert handling and resource allocation.

When importing modules into FortiSOAR using the configuration wizard and selecting 'Merge with Existing' as the bulk action, the behavior for field handling is as follows: any fields that already exist in the system are overwritten with the imported values. New fields from the imported module are added to the system, while fields that are not part of the imported module remain unaffected and are retained in the system. This option ensures that existing data structures are updated with new information without losing existing, but non-imported, fields.

In FortiSOAR, the service responsible for the playbook scheduling functionality is colcrybeatd. This service manages the timing and execution of scheduled playbooks, allowing for the automation of various tasks at specified intervals. It ensures that playbooks execute according to their configured schedules, which can include tasks such as data ingestion, threat detection, or incident response actions. Proper functioning of this service is essential for the reliable automation of time-dependent processes within FortiSOAR.

To audit and restrict a user's access within FortiSOAR, particularly in response to unauthorized access reports, it's necessary to review the user's effective role permissions. This involves checking which roles grant the user access to the System Configuration module and adjusting as needed. Additionally, reviewing the user's team hierarchy ensures that the user's access aligns with the organization's policies. Misconfigurations in team relationships can sometimes inadvertently provide elevated access; hence, confirming that the team setup is correct is a critical part of the auditing process.