Which data collection method generates the most comprehensive information for FortiSIEM user entity and behavior analytics (UEBA) models?
When selecting multiple rules at once on FortiSIEM, which actions can you perform?
Rules on FortiSIEM are usually processed as events are collected (streaming).
How can you create a rule to evaluate events over an 8-hour period?
Refer to the exhibit.

Which event type attribute value will the FortiSIEM parser save for this event?
Refer to the exhibit.
The configuration for a machine learning (ML) dataset using anomaly detection is shown.

If data for this model is generated every hour, how long must the FortiSIEM device be up before it can produce a valid training set?
Which two categories can you map to the MITRE ATT&CK coverage tables on FortiSIEM? (Choose two.)
Refer to the exhibit.

Which two lookup types can you reference as the subquery in a nested analytics query? (Choose two.)
Refer to the exhibit.

If you group these events by the Reporting IP, Event Type, and User attributes, how many results will FortiSIEM display?
Refer to the exhibit.

Which two items can be referenced in the incident details when this rule is triggered and creates an incident? (Choose two.)
Several new internal servers are generating incidents and must be excluded from several FortiSIEM rules.
How must you tune rules to exclude several undiscovered devices from rules?
You want FortiSIEM to automatically add three zero trust network access (ZTNA) tags to a device when that device triggers a custom rule. You want FortiSIEM to push these ZTNA tags to multiple FortiClient EMS servers in the organization.
How can you accomplish this?
Which two types of information can FortiSIEM retrieve from FortiClient EMS through an external connection? (Choose two.)
Refer to the exhibit.

What does the Group: Windows value refer to?
Refer to the exhibit.

Why is this search not producing any results?
Refer to the exhibit.

What is this rule attempting to match?