40 Questions
Which mathematical operations can FortiSIEM perform?
COUNT, SUM, AVG, MIN, MAX, LAST, FIRST
What can you use data aggregation in FortiSIEM for?
All of the above
In the example mentioned, how often are the events being polled?
Every three minutes
What attributes are selected for grouping in the Display Fields section?
Host IP, Host Name, Event Type, Hardware Component Name
What aggregation function expressions are used in the example?
AVG for Temperature Fahrenheit, COUNT for Matched Events
What does the example search query determine?
Average temperature count values reported for fuel server systems
What is the time period for which the average temperature count values are calculated in the example?
Three hours
What is the purpose of data aggregation in FortiSIEM?
To summarize and calculate metrics from event data
What kind of events are used in the example search query?
Temperature events
What does the example search query show for each hardware component of the fuel server?
Average temperature in Fahrenheit count
Which process in FortiSIEM gathers and expresses information in a summary form for statistical analysis?
Data aggregation
What can you do with data aggregation in FortiSIEM?
Perform mathematical operations
What is the purpose of custom Purdue-level business services in FortiSIEM?
To correlate I.T and O.T incidents
How are devices classified and mapped for each Purdue level in FortiSIEM?
Based on business units
What are the search operators, CMDB lookups, and business services used for in FortiSIEM?
Analytical searches
Which devices are listed as Purdue level 1 devices in the example shown on the slide?
PLC1-PCN-A1 and PLC1-PCN-A2
What is the main purpose of referencing custom Purdue-level business services in analytical searches, rules, and reports in FortiSIEM?
To correlate I.T and O.T incidents
What IP addresses are used to filter events in FortiSIEM?
192.168.0.10 and 192.168.0.15
What group of devices are all events coming from when filtered in FortiSIEM?
Firewall group
Once business services are defined in FortiSIEM, where can they be referenced?
In analytical searches, rules, and reports
Which mathematical operations can FortiSIEM perform?
COUNT, SUM, AVG, MIN, MAX, LAST, FIRST
What is the purpose of data aggregation in FortiSIEM?
To display aggregated data for statistical analysis
What can you use data aggregation in FortiSIEM for?
To see which firewall reported the most events over time
What aggregation function expressions are used in the example?
AVG and COUNT
What does the example search query determine?
The average temperature count values reported for fuel server systems
What group of devices are all events coming from when filtered in FortiSIEM?
O.T devices
What IP addresses are used to filter events in FortiSIEM?
Host IP
What is the time period for which the average temperature count values are calculated in the example?
Three hours
What attributes are selected for grouping in the Display Fields section?
Host IP, Host Name, Event Type, Hardware Component Name
What does the example search query show for each hardware component of the fuel server?
The average temperature in Fahrenheit count
Which FortiSIEM feature allows you to correlate I.T and O.T incidents?
Custom Business Service
What is the purpose of grouping devices based on the Purdue model in FortiSIEM?
To map devices to business units
What is the main benefit of using search operators, CMDB lookups, and business services in FortiSIEM?
To create custom analytical searches
Which devices are listed as Purdue level 1 devices in the example shown on the slide?
PLC1-PCN-A1
What is the purpose of data aggregation in FortiSIEM?
To summarize event data for statistical analysis
Which mathematical operations can FortiSIEM perform for data aggregation?
COUNT, SUM, AVG, MIN, MAX, LAST, FIRST
What can you use data aggregation in FortiSIEM for?
To perform statistical analysis on event data
What events are filtered in FortiSIEM based on the example search query?
Events from IP address 192.168.0.10 OR 192.168.0.15
What is the purpose of referencing custom Purdue-level business services in analytical searches, rules, and reports in FortiSIEM?
To correlate I.T and O.T incidents
What is the main benefit of using custom Purdue-level business services in FortiSIEM?
To map devices to business units
Test your knowledge on custom business services and their correlation to I.T and O.T incidents. This quiz will cover topics such as analytical searches, rules, reports, and the classification and mapping of devices based on the Purdue model. Challenge yourself and see how well you understand custom O.T business services!