Which security fabric component sends a notification to quarantine an endpoint after IOC detection in the automation process?
The security fabric component that sends a notification to quarantine an endpoint after IOC detection in the automation process is FortiGate. FortiGate determines if the FortiClient is among its connected endpoints and has the login credentials for the EMS that the FortiClient is connected to. With this information, FortiGate sends a notification to EMS to quarantine the endpoint.
Per link: https://docs.fortinet.com/document/forticlient/7.2.1/ems-administration-guide/952100/quarantining-an-endpoint-from-fortios-using-ems#:~:text=FortiGate%20determines%20if%20the%20FortiClient,a%20quarantine%20message%20to%20it. FortiGate determines if the FortiClient is among its connected endpoints and if it has the login credentials for the EMS that the FortiClient is connected to. With this information, FortiGate sends a notification to EMS to quarantine the endpoint. So, the answer seems to be D.
D is correct... Study Guide p.125... After FortiAnalyzer discovers IOCs... "FortiGate sends a notification to FortiClient EMS to quarantine the endpoint."
Correct, page 129 on 7.2: "FortiGate identifies that the endpoint is connected and sends a notification to EMS."
Study Guide P. 123
I think it's also FortiGate. Answer D.
FortiAnalyzer
I think B is correct. Study Guide p.125 [IOC flow] 2. FortiAnalyzer discovers IoCs in the logs and notifies FortiGate.
B, FortiAnalyzer sends IOC when it discovers it.
FortiGate sends a notification to FortiClient EMS to quarantine the endpoint.
D - Page 125 study guide