Podcast
Questions and Answers
Which node calculates the unused events and sends the value to the central decision-making engine?
Which node calculates the unused events and sends the value to the central decision-making engine?
- Event entry node
- Worker
- Supervisor (correct)
- Collector
What is the total incoming EPS from the three collectors in the example?
What is the total incoming EPS from the three collectors in the example?
- 175 (correct)
- 93,600
- 31,500
- 71,460
What is the total unused events in the example?
What is the total unused events in the example?
- 31,500
- 175
- 93,600
- 71,460 (correct)
What is the formula to calculate the total number of allowed events for the next three-minute interval?
What is the formula to calculate the total number of allowed events for the next three-minute interval?
What is the licensed EPS in the example?
What is the licensed EPS in the example?
What is the total number of allowed events for the next three-minute interval in the example?
What is the total number of allowed events for the next three-minute interval in the example?
When does the process of building the EPS reservoir start over for the next day?
When does the process of building the EPS reservoir start over for the next day?
What is the restriction on the number of events that can be carried over to the next day at midnight?
What is the restriction on the number of events that can be carried over to the next day at midnight?
What is the EPS reservoir used for in FortiSIEM?
What is the EPS reservoir used for in FortiSIEM?
What is the purpose of the 10% buffer in the formula to calculate the total number of allowed events?
What is the purpose of the 10% buffer in the formula to calculate the total number of allowed events?
FortiSIEM can use events in the EPS reservoir if the system suddenly needs to process more than the license.
FortiSIEM can use events in the EPS reservoir if the system suddenly needs to process more than the license.
In the phoenix.log file, you can see the licensed, allowed, used, and unused (reservoir) values every three minutes.
In the phoenix.log file, you can see the licensed, allowed, used, and unused (reservoir) values every three minutes.
What does the supervisor node in FortiSIEM do?
What does the supervisor node in FortiSIEM do?
What features are supported by the FortiSIEM Windows agent?
What features are supported by the FortiSIEM Windows agent?
What is the purpose of the auditd daemon on Linux?
What is the purpose of the auditd daemon on Linux?
What happens to the allowed events and unused reservoir values in the phoenix.log file?
What happens to the allowed events and unused reservoir values in the phoenix.log file?
What is the supervisor node's role in FortiSIEM agent management?
What is the supervisor node's role in FortiSIEM agent management?
How are logs collected by the Linux agent delivered to FortiSIEM?
How are logs collected by the Linux agent delivered to FortiSIEM?
What is the purpose of the EPS reservoir in FortiSIEM?
What is the purpose of the EPS reservoir in FortiSIEM?
What types of nodes are there in a FortiSIEM deployment?
What types of nodes are there in a FortiSIEM deployment?