View all questions & answers for the NSE 7 - Security Operations 7.6 Architect Materials exam


Question 45 Discussion

Refer to this partial incident output:

  Condition: if this Pattern occurs within any 1800-second time window
  Host Interface Name: Red Hat VirtIO Ethernet Adapter
  Recv Packet Errors: 0
  Sent Packet Errors: 0
  Recv Packet Discards: 37
  Sent Packet Discards: 0
  Recv Packet Error Pct: 0.00
  Sent Packet Error Pct: 0.00
  Recv Packet Discard Pct: 7.17
  Sent Packet Discard Pct: 0.00
  Avg Recv Interface Error: 0.00
  Avg Sent Interface Error: 0.00
  Avg Recv Interface Discard: 16.45
  Avg Sent Interface Discard: 0.00

Which conclusion can you make about this incident? (Choose one answer)

  • A. It was triggered by a baseline profile incident rule.
  • B. It was triggered from a FortiAI machine learning rule.
  • C. It was triggered by a correlation rule.
  • D. It was triggered by a lookup table.
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



Simon Cliffe 2026-02-09 20:16:43

Selected Answers: C


C - baselines don't use time windows and patterns; correlation rules do. There are no baseline profiles with a key of the interface name; they are firewall name, source IP, etc., and DON'T use time windows!!