FCP – FortiSIEM Analyst 7.2 — Question 4
How does FortiSIEM update the incident table if a performance rule triggers repeatedly?
Answer options
- A. FortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.
- B. FortiSIEM updates the Incident Count value and Last Seen timestamp.
- C. FortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.
- D. FortiSIEM generates a new incident each time the rule triggers, and updates the First Seen and Last Seen timestamps.
Correct answer: B
Explanation
The correct answer is B: when a performance rule triggers repeatedly, FortiSIEM tracks the recurrence by incrementing the Incident Count and updating the Last Seen timestamp. Options A, C, and D are incorrect because they describe changing the incident status or creating new incidents, neither of which occurs in this scenario.