
Fortinet Endpoint Detection & Response Lab

Solution Overview

Advanced attacks can compromise an endpoint in seconds. First-generation endpoint detection and response tools are becoming ineffective: they are inefficient at detecting fast-moving threats, and the growing volume of security indicators drives up the cost of security operations and slows down network capabilities.

FortiEDR secures endpoints with automated blocking-enabled detection and response against advanced malware. The FortiEDR endpoint security solution stops malware infection (pre- and post-infection), detects and fixes potential threats in real time, and can automate response and restoration procedures with customizable security playbooks.

Goals & Objectives

The purpose of this lab is to help users develop proficiency in navigating the Fortinet EDR Console: installing endpoint collectors, creating collector groups, and using the console's alert detection, monitoring and response capabilities. The lab uses the Fortinet EDR Console's monitoring features to observe the compromise of endpoints during a simulated attack that uses an infected executable file as the payload.

This lab environment allows you to:

  • Request a collector install for Windows endpoints
  • Navigate, create and enable security policies & playbooks
  • Perform an attack to compromise an endpoint

Hardware & Software

Software

  • Fortinet EDR SaaS Console

Servers

  • 1x Windows Jumphost

Clients

  • 1x Windows 10 Client (Windows 10 Enterprise)
  • 1x Attack Client Software (Kali Linux & Metasploit)

Technologies

Contributors