

NSE 7 - Security Operations 7.6 Architect Materials-Question 25 Discussion

Which two statements accurately describe the process to create a new rule from a search using FortiSIEM analytics? (Choose two answers)

  • A. Raw event logs cannot be used for incident rule creation.
  • B. The incident action is automatically configured based on the event type.
  • C. All search filter rows are added into a single subpattern.
  • D. The default aggregate condition will always be COUNT (Matched Events) >= 1.
Correct Answer: C, D
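The two correct statements describe the shape of the rule the wizard produces: every filter row of the search is ANDed into one subpattern, and the aggregate condition starts as COUNT(Matched Events) >= 1, so a single parsed event that satisfies the filters is enough to raise an incident until you change the threshold. The following Python is an added conceptual model of that structure, not FortiSIEM code and not part of the exam material; the attribute names (eventType, srcIpAddr, user), the sample parsed events and the rule/subpattern classes are assumptions made for illustration.

```python
"""Conceptual model of a rule created from a FortiSIEM-style analytics search.

Added example, not FortiSIEM code. It models two properties of the wizard:
  * every search filter row lands in ONE subpattern (rows are ANDed), and
  * the default aggregate condition is COUNT(Matched Events) >= 1.
Attribute names, event records and class layout are assumptions.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FilterRow:
    """One row of the search filter: attribute, operator, value."""
    attr: str
    op: str          # "=", "!=", "CONTAIN" or "IN"
    value: object

    def matches(self, event: dict) -> bool:
        actual = event.get(self.attr)   # parsed attribute; missing -> None
        if self.op == "=":
            return actual == self.value
        if self.op == "!=":
            return actual != self.value
        if self.op == "CONTAIN":
            return isinstance(actual, str) and str(self.value) in actual
        if self.op == "IN":
            return actual in self.value
        raise ValueError(f"unsupported operator {self.op!r}")


@dataclass(frozen=True)
class SubPattern:
    name: str
    filters: tuple            # all rows ANDed together
    group_by: tuple = ()      # attributes that bucket matched events
    agg_op: str = ">="        # default aggregate condition ...
    agg_threshold: int = 1    # ... COUNT(Matched Events) >= 1

    def event_matches(self, event: dict) -> bool:
        return all(f.matches(event) for f in self.filters)


@dataclass(frozen=True)
class Rule:
    name: str
    subpatterns: tuple


def rule_from_search(rule_name: str, rows, group_by=()) -> Rule:
    """Build the rule the way the wizard does: one subpattern, COUNT >= 1."""
    sp = SubPattern("SingleSubpattern", tuple(rows), tuple(group_by))
    return Rule(rule_name, (sp,))


def with_threshold(rule: Rule, threshold: int, op: str = ">=") -> Rule:
    """Edit the aggregate condition after creation, as an analyst would."""
    sp = replace(rule.subpatterns[0], agg_op=op, agg_threshold=threshold)
    return Rule(rule.name, (sp,))


def _compare(count: int, op: str, threshold: int) -> bool:
    return {">=": count >= threshold, ">": count > threshold,
            "=": count == threshold, "<=": count <= threshold,
            "<": count < threshold}[op]


def evaluate(rule: Rule, events) -> list:
    """Return (subpattern, group key, count) for every bucket that fires."""
    incidents = []
    for sp in rule.subpatterns:
        buckets: dict = {}
        for ev in events:
            if sp.event_matches(ev):
                key = tuple(ev.get(a) for a in sp.group_by)
                buckets[key] = buckets.get(key, 0) + 1
        for key, count in buckets.items():
            if _compare(count, sp.agg_op, sp.agg_threshold):
                incidents.append((sp.name, key, count))
    return incidents


# Constructed parsed events (assumed attribute names), plus one event that
# carries only a raw message and therefore matches no attribute filter.
EVENTS = (
    [{"eventType": "Win-Security-4625", "srcIpAddr": "10.0.0.5", "user": u}
     for u in ("alice", "bob", "carol", "dave", "erin")]
    + [{"eventType": "Win-Security-4625", "srcIpAddr": "10.0.0.9", "user": "alice"},
       {"eventType": "Win-Security-4624", "srcIpAddr": "10.0.0.9", "user": "alice"},
       {"rawEventMsg": "An account failed to log on (unparsed)"}]
)

# Two filter rows from the search: both go into the single subpattern.
SEARCH_ROWS = [FilterRow("eventType", "=", "Win-Security-4625"),
               FilterRow("srcIpAddr", "!=", "10.0.0.1")]
DEFAULT_RULE = rule_from_search("Failed logon per source", SEARCH_ROWS, ("srcIpAddr",))


if __name__ == "__main__":
    print("default (COUNT >= 1):", evaluate(DEFAULT_RULE, EVENTS))
    print("tuned   (COUNT >= 5):", evaluate(with_threshold(DEFAULT_RULE, 5), EVENTS))
```

With the default condition both sources fire an incident, including the host with a single failed logon; raising the threshold to 5 leaves only the source that failed five times, which is the edit an analyst normally makes right after the wizard creates the rule.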

Brave-Dump Clients Votes: A, D (100%)

Comments



Anonymous User 2026-03-07 18:10:30

Selected Answers: A, D


You don’t use raw logs, but parsed logs, for incident correlation rules.