Custom Business Services and I

VisionarySugilite

20 Questions

Which type of incidents can you correlate using custom Purdue-level business services?

I.T and O.T incidents

How many groups have been created based on the Purdue model for custom O.T business services?

Six groups

What devices are listed as Purdue level 1 devices in the example shown on the slide?

PLC1-PCN-A1

Which search operators can be used in analytical searches?

AND, OR, NOT

What can you use data aggregation for in FortiSIEM?

View average temperature, CPU, and memory usage for a specified group of devices

What process does data aggregation involve?

Gathering and expressing information in a summary form

What is the purpose of CMDB Lookups in analytics?

To classify and map devices

Which IP addresses are used in the example for event filtering?

192.168.0.10 OR 192.168.0.15

What is the purpose of business services in analytical searches?

To correlate I.T and O.T incidents

What mathematical operations can be performed using data aggregation in FortiSIEM?

COUNT, SUM, AVG, MIN, MAX, LAST, FIRST

Which mathematical operations can be performed using FortiSIEM?

COUNT, SUM, AVG, MIN, MAX, LAST, FIRST

What can you use data aggregation for in FortiSIEM?

View average temperature, CPU, and memory usage for a specified group of O.T devices

Which function expression can be used to calculate the average temperature in Fahrenheit?

AVG

What is the purpose of setting up a structured query for host IP and event type temperature over a three-hour period?

To see the average temperature count values reported for fuel server systems

Which attributes should be selected in the Display Fields section for Group By in order to see the average temperature count values for each hardware component of the fuel server?

Host IP, Host Name, Event Type, Hardware Component Name

What does the COUNT aggregation function calculate in FortiSIEM?

Events being received over a specific time interval

How often are the events being polled in the example?

Every three minutes

What values were taken for each event in the example?

Values when the event was polled

What type of data does FortiSIEM provide aggregation capabilities for?

Performance metrics

What does the AVG aggregation function calculate in FortiSIEM?

Average value

Test your knowledge on custom business services and their correlation to I.T and O.T incidents. This quiz will cover topics such as analytical searches, rules, reports, and the classification and mapping of devices based on the Purdue model. Challenge yourself and see how well you understand custom O.T business services!
