Mastering Incident Creation

Which of the following statements is true about incidents in FortiAnalyzer?

Incidents can be created manually or automatically with playbooks. (correct)
Incidents can only be created manually from Event Monitor.
Incidents can only be created automatically with playbooks.
Incidents can only be created from one of the default views under Event Monitor.

What is the purpose of creating an incident in FortiAnalyzer?

To perform a full investigation of the incident.
To view an incident's details.
To analyze the impact and importance of events on the network.
To prevent or mitigate security breaches. (correct)

How can an incident be created in FortiAnalyzer from Event Monitor?

By selecting the incident category, severity, and status.
By double-clicking on the desired event.
By right-clicking on the desired event and selecting the corresponding option. (correct)
By running the available playbooks.

What information is shown on the incident analysis page in FortiAnalyzer?

Affected endpoint and user, incident's timeline, executed playbooks, and audit history. (B) Signup and view all the answers

Where can incidents be viewed in FortiAnalyzer?

Incidents tab (C) Signup and view all the answers

What is the purpose of analyzing an incident in FortiAnalyzer?

To perform a full investigation of the incident. (C) Signup and view all the answers

How can an incident be analyzed in FortiAnalyzer?

By right-clicking on the desired incident and selecting Analysis. (B) Signup and view all the answers

What tabs provide more details about an incident in FortiAnalyzer?

Comments, Events, Reports, Indicators, Affected Assets, Processes, Software, and Vulnerabilities. (A) Signup and view all the answers

Can incidents in FortiAnalyzer be created automatically with playbooks?

Yes, incidents can be created manually or automatically with playbooks. (B) Signup and view all the answers

What are some of the details shown on the incident analysis page in FortiAnalyzer?

Affected endpoint and user, incident's timeline, executed playbooks, and audit history. (D) Signup and view all the answers

Threat hunting is the process of proactively searching for suspicious or potentially risky network activity that may have gone undetected.

True (A) Signup and view all the answers

What is the purpose of configuring incident settings in FortiAnalyzer?

To keep track of the work being done to solve incidents (C) Signup and view all the answers

What is the recommended best practice for incident notifications in FortiAnalyzer?

Send notifications for all incident-related activities (D) Signup and view all the answers

What is the purpose of the Threat Hunting pane in FortiSoC?

To allow for advanced correlation and analysis to hunt for threats (C) Signup and view all the answers

How can you access the related logs of an incident in FortiAnalyzer?

By right-clicking the incident and selecting the Logs tab (D) Signup and view all the answers

What is the purpose of the Comments tab in FortiAnalyzer?

To view comments added by other analysts (B) Signup and view all the answers

What should be done once an incident is closed in FortiAnalyzer?

Delete the incident from the list (C) Signup and view all the answers

What is the purpose of the Reports tab in FortiAnalyzer?

To view existing reports (B) Signup and view all the answers

What is the purpose of configuring fabric connectors in FortiAnalyzer?

To configure external platforms for incident notifications (A) Signup and view all the answers

What is the purpose of keeping all incident settings up to date in FortiAnalyzer?

To track the work being done to solve incidents (C) Signup and view all the answers