Which log will generate an event with the status Contained?
An event with the status 'Contained' typically indicates that a threat has been isolated or neutralized. An AV (Antivirus) log with the action 'quarantine' suggests that a potentially harmful file or software has been successfully moved to a secure location to prevent it from causing damage. This action corresponds to the concept of containing the threat, making an AV log with action 'quarantine' the correct option.
Contained: The risk source is isolated. For example, an AV log with action=quarantine will have the event status Contained.
Reference: FortiAnalyzer Analyst Study Guide for FortiAnalyzer 7.2, page 111