20 Questions
Which section of an event handler contains the fields that must be matched up against logs in order to generate events?
First section
What can be used to limit which logs will be checked for matches by the other filters in an event handler?
Prefilter
What is the purpose of a prefilter in an event handler?
To limit which logs will be checked for matches by other filters
What type of logs will trigger an event when using generic text filters in an event handler?
Logs that match the specified regex pattern
Which section of an event handler contains the details that will be added to the events generated if a match is found?
Second section
What is the purpose of generic text filters in an event handler?
To generate events based on specific conditions
What are the supported operators when configuring an event handler with generic text filters?
Regex and POSIX
Which of the following is an example of a valid filter expression in FortiAnalyzer?
dstip==192.168.1.168 & hostname ~ 'facebook'
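To make the two-stage model concrete (prefilter narrows the candidate logs, generic text filters generate events, the second section supplies event details, and a blocked or dropped action yields the Mitigated status), here is a small evaluator run over constructed sample log lines. This is an added example written for this page, not FortiAnalyzer code; the expression grammar it accepts (==, !=, ~ and !~, joined by & / and and | / or, with AND binding tighter than OR and no parentheses), the key=value log format, the field names, the action values that map to Mitigated, and the Unhandled default are all assumptions for illustration.

```python
import re

# Constructed sample log lines in FortiGate-style key=value format (synthetic, not captured traffic).
SAMPLE_LOGS = [
    'date=2024-01-10 time=10:00:01 type="utm" subtype="webfilter" srcip=10.0.1.5 '
    'dstip=192.168.1.168 hostname="www.facebook.com" action="blocked"',
    'date=2024-01-10 time=10:00:02 type="traffic" subtype="forward" srcip=10.0.1.6 '
    'dstip=192.168.1.168 hostname="example.org" action="accept"',
    'date=2024-01-10 time=10:00:03 type="utm" subtype="webfilter" srcip=10.0.1.7 '
    'dstip=192.168.1.169 hostname="m.facebook.com" action="passthrough"',
    'date=2024-01-10 time=10:00:04 type="traffic" subtype="forward" srcip=10.0.1.8 '
    'dstip=10.10.10.10 hostname="facebook.com" action="accept"',
]

# key=value or key="quoted value"
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# one condition: field, operator, value (quoted with ' or ", or bare). Assumed grammar.
COND_RE = re.compile(r"""\s*(\w+)\s*(==|!=|!~|~)\s*(?:'([^']*)'|"([^"]*)"|(\S+))\s*""")


def parse_log(line):
    """Turn one key=value log line into a dict of string fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def match_condition(record, cond):
    """Evaluate a single 'field op value' condition against a parsed log.
    ==/!= compare the whole value; ~/!~ are a regex search (substring match)."""
    m = COND_RE.fullmatch(cond)
    if not m:
        raise ValueError(f"cannot parse condition: {cond!r}")
    field, op, sq, dq, bare = m.groups()
    value = next(v for v in (sq, dq, bare) if v is not None)
    actual = record.get(field, "")
    if op == "==":
        return actual == value
    if op == "!=":
        return actual != value
    if op == "~":
        return re.search(value, actual) is not None
    return re.search(value, actual) is None  # "!~"


def match_filter(record, expr):
    """Evaluate conditions joined by & / and and | / or.
    Assumption: AND binds tighter than OR; parentheses are not supported."""
    for or_term in re.split(r"\s*\|\s*|\s+or\s+", expr):
        and_terms = re.split(r"\s*&\s*|\s+and\s+", or_term)
        if all(match_condition(record, c) for c in and_terms):
            return True
    return False


def event_status(record):
    """'Mitigated' when the log shows the traffic was blocked or dropped, as the
    page describes. 'Unhandled' is the assumed name for everything else."""
    return "Mitigated" if record.get("action") in ("blocked", "dropped", "deny") else "Unhandled"


def run_event_handler(logs, prefilter, rules, severity="medium"):
    """Two-stage evaluation: the prefilter narrows the candidate logs, then each
    generic text filter rule generates an event for every remaining log it matches.
    Returns the generated events (second-section details plus matched log fields)."""
    events = []
    for line in logs:
        rec = parse_log(line)
        if prefilter and not match_filter(rec, prefilter):
            continue  # never reaches the generic text filters
        for rule_name, expr in rules:
            if match_filter(rec, expr):
                events.append({
                    "rule": rule_name,
                    "severity": severity,
                    "status": event_status(rec),
                    "srcip": rec.get("srcip"),
                    "dstip": rec.get("dstip"),
                    "hostname": rec.get("hostname"),
                })
    return events


if __name__ == "__main__":
    rules = [("facebook-to-168", "dstip==192.168.1.168 & hostname ~ 'facebook'")]
    for ev in run_event_handler(SAMPLE_LOGS, "subtype==webfilter", rules):
        print(ev)
```

Running it with the page's filter expression and a `subtype==webfilter` prefilter produces exactly one event, for the blocked request from 10.0.1.5; dropping the prefilter while keeping `hostname ~ facebook` shows how many more logs the generic text filters would otherwise have to examine.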
What is the purpose of event handlers in FortiAnalyzer?
To generate events from logs that match the configured filters, attach details such as a custom message and severity to those events, and optionally send notifications
Which notification methods can be used with event handlers in FortiAnalyzer?
Email, SNMP traps, syslog servers, and Fabric connectors
What does the event status 'Mitigated' indicate in FortiAnalyzer?
The security risk is mitigated by being blocked or dropped
What is the purpose of exporting and importing event handlers in FortiAnalyzer?
To reuse existing event handlers across different ADOMs
Which of the following is NOT a possible event status in FortiAnalyzer?
Resolved
What is the purpose of including event details in notifications sent by email, SNMP traps, fabric connectors, or syslog servers in FortiAnalyzer?
To see the event details without going into the logs
What is required before using any of the notification methods with event handlers in FortiAnalyzer?
Configuring the back end for that method first (for example, a mail server for email notifications)
Which of the following is an example of an event handler configured to send notifications by email in FortiAnalyzer?
An event handler with email notification enabled and its mail server set to 10.200.1.254
What should be done if a name conflict occurs during the import of event handlers in FortiAnalyzer?
FortiAnalyzer will add a time stamp to the imported handler
Test your knowledge of event handler settings with this quiz! Learn about the two logical sections involved in setting up event handlers and how to configure fields for generating events.