Skip to main content

Security Information and Event Management (SIEM)/Security Orchestration Automation & Response (SOAR) XCSA 1103

Cybersecurity Network Admin Course

Course details

In this course, you will learn about FortiSIEM initial configurations, architecture, and the discovery of devices on the network and SOAR products in the industry. You will also learn how to collect performance information and aggregate it with Syslog data to enrich the overall view of the health of your environment, how to use the configuration database to greatly facilitate compliance audits, and how to integrate FortiSIEM into your network awareness infrastructure.


  • Network Defense Essential (FortiGate) , Basic knowledge of networking, routing, and switching and OS.





Course offerings

Spring/Summer 2023

Below is one offering of XCSA 1103 for the Spring/Summer 2023 term.

CRN 68166


Start any time

  • 10 weeks
  • CRN 68166
  • $206.72
Continuous Entry, Distance or Online

This is an online learning course. Start any time. You have 10 weeks from the date you register to complete this course.


Hamidreza Talebi

Course outline




Important information
  1. Important course information will be sent to you immediately after registering. Check your myBCIT email account to access this information.
  2. Select students may be eligible for a tuition subsidy. Please email for more details. If you have any question about this course, please contact the Program Assistant Selina Li - Please include your BCIT student ID (if you have one). Note: BCIT reserves the right to cancel courses. In the event of a course cancellation, you will be notified at least two business days prior to the course start. Please ensure that your contact information is current in your myBCIT.

Learning Outcomes

Upon successful completion of this course, the student will be able to:

  • Identify business drivers for using SIEM tools
  • Describe key features of FortiSIEM
  • Understand how collectors, workers, and supervisors work together
  • Create new users
  • Describe and enable devices for discovery
  • Configure users when to use agents
  • Perform real-time, historic structured searches
  • Group and aggregate search results
  • Create custom incident rules
  • Edit existing, or create new, reports
  • Configure and customize the dashboards
  • Identify Windows agent components
  • Describe the purpose of Windows agents
  • Understand how the Windows agent manager works in various deployment models
  • Identify reports that relate to Windows agents
  • Understand the FortiSIEM Linux file monitoring agent
  • Understand agent registration
  • Monitor agent communications after deployment
  • Describe SOAR

Effective as of Winter 2022

Related Programs

Security Information and Event Management (SIEM)/Security Orchestration Automation & Response (SOAR) (XCSA 1103) is offered as a part of the following programs:

School of Energy

  1. Cybersecurity Analysis for Network Administrators
    Microcredential Part-time


Interested in being notified about future offerings of Security Information and Event Management (SIEM)/Security Orchestration Automation & Response (SOAR) (XCSA 1103)? If so, fill out the information below and we'll notify you by email when courses for each new term are displayed here.

  • Privacy Notice: The information you provide will be used to respond your request for BCIT course information and is collected under Section 26(c) of the Freedom of Information and Protection of Privacy Act (FIPPA). For more information about BCIT’s privacy practices contact: Associate Director, Privacy, Information Access & Policy Management, British Columbia Institute of Technology, 3700 Willingdon Ave. Burnaby, BC V5A 3H2, email: