What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?
When the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address, a new Infected entry is added for the corresponding endpoint.
C is correct
Correct answer is C. In FortiAnalyzer Analyst 7.2 Study Guide, p. 73: "The breach detection engine on FortiAnalyzer uses FortiGuard Threat Detection Service (TDS) intelligence to analyze web filter logs for breach detection... When the threat match is found, a threat score is given to the end user based on the overall ranking score from TDS"
If a match is found in the blacklist, then FortiAnalyzer displays the endpoint in Compromised Hosts with a Verdict of Infected. The answer is C.
C is correct
C is correct
C is correct