An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?
A . Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
B . Create a notification policy and define a script/remediation on FortiSIEM.
C . Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
D . Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
Answer: B
Explanation:
https://fusecommunity.fortinet.com/blogs/silviu/2022/04/12/fortisiempublishingscript
Latest NSE7_OTS-7.2 Dumps Valid Version with 49 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund