Which step must the administrator take to achieve this task?

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?
A . Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
B . Create a notification policy and define a script/remediation on FortiSIEM.
C . Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
D . Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Answer: B

Explanation:

https://fusecommunity.fortinet.com/blogs/silviu/2022/04/12/fortisiempublishingscript

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments