Which two FortiSIEM components work together to provide real-time event correlation?

Which two FortiSIEM components work together to provide real-time event correlation?
A . Supervisor and worker
B . Collector and Windows agent
C . Worker and collector
D . Supervisor and collector

View Answer

Answer: C

Explanation:

FortiSIEM Architecture: The FortiSIEM architecture includes several components such as Supervisors, Workers, Collectors, and Agents, each playing a distinct role in the SIEM ecosystem.

Real-Time Event Correlation: Real-time event correlation is a critical function that involves analyzing and correlating incoming events to detect patterns indicative of security incidents or operational issues.

Role of Supervisor and Worker:

Supervisor: The Supervisor oversees the entire FortiSIEM system, coordinating the processing and analysis of events.

Worker: Workers are responsible for processing and correlating the events received from Collectors and Agents.

Collaboration for Correlation: Together, the Supervisor and Worker components perform real-time event correlation by distributing the load and ensuring efficient processing of events to identify incidents in real-time.

Reference: FortiSIEM 6.3 User Guide, Event Correlation and Processing section, details how the Supervisor and Worker components collaborate for real-time event correlation.