Mastering FortiAnalyzer's FortiView Feature

Play an AI-generated podcast conversation about this lesson

Which of the following statements about event handlers is correct?

Event handlers are specific matched conditions in the raw logs that determine what events are to be generated. (correct)
Event handlers can only be created using predefined templates.
Event handlers can only send alert notifications via email.
Event handlers can only apply to a single device.

What must be set up in order to use event handler alert notifications?

SNMP trap
Raw logs
Email server (correct)
Syslog server

What do generic text filters allow you to do when configuring an event handler?

Have more precise and flexible control over which logs trigger an event. (correct)
Send alert notifications via SNMP trap.
Create custom event handlers.
Enable predefined event handlers.

Where can you view events generated by enabled and configured event handlers?

Event Monitor section on the FortiSOC pane. (C) Signup and view all the answers

What can you do by double-clicking an event in the Event Monitor section?

View more details about the event and associated logs. (C) Signup and view all the answers

Which of the following is NOT a supported operator for generic text filters?

Greater than (B) Signup and view all the answers

What can event handlers apply to?

A single device or multiple devices. (B) Signup and view all the answers

What is required to create custom event handlers?

None of the predefined event handlers meet your requirements. (A) Signup and view all the answers

What is the purpose of event handlers in the system?

To determine what events are to be generated based on specific matched conditions in the raw logs. (C) Signup and view all the answers

What should be done before configuring an event handler?

Search the raw logs for the log file on which you want to add an event handler and copy the string you want to match. (B) Signup and view all the answers

Which section on the toolbar allows you to save frequent searches as a custom view?

Custom View (D) Signup and view all the answers

What type of data does FortiView integrate into a single, summary view?

Real-time and historical data (A) Signup and view all the answers

What can you view in FortiView in both tabular and graphical formats?

Summaries of log data (A) Signup and view all the answers

What can you drill down into in each summary view in FortiView?

Details (A) Signup and view all the answers

What can you use the FortiView pane for?

Applying multiple filters (B) Signup and view all the answers

What does FortiSOC enable on FortiAnalyzer?

SOAR and SIEM capabilities (D) Signup and view all the answers

What do the FortiAnalyzer SIEM capabilities do?

Parse, normalize, and correlate logs (B) Signup and view all the answers

What does FortiSOC provide with playbook automation?

Event and incident management capabilities (D) Signup and view all the answers

What can event handlers in FortiAnalyzer be customized for?

Handling custom events (C) Signup and view all the answers

What can generic text filters be used for when configuring an event handler?

Filtering event data (A) Signup and view all the answers