Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE5_FSM-6.3 Topic 2 Question 19 Discussion

Actual exam question for Fortinet's NSE5_FSM-6.3 exam
Question #: 19
Topic #: 2
[All NSE5_FSM-6.3 Questions]

Refer to the exhibit.

A FortiSIEM is continuously receiving syslog events from a FortiGate firewall The FortiSlfcM administrator is trying to search the raw event logs for the last two hours that contain the keyword tcp . However, the administrator is getting no results from the search.

Based on the selected filters shown in the exhibit, why are there no search results?

Show Suggested Answer Hide Answer
Suggested Answer: D

Search Filters in FortiSIEM: When searching for specific events, administrators can use various attributes to filter the results.

Attribute for Agent Events: To view events received specifically from Linux and Windows agents, the attribute External Event Receive Agents should be used.

Function: This attribute filters events that are received from agents, distinguishing them from events received through other protocols or sources.

Search Efficiency: Using this attribute helps the administrator focus on events collected by FortiSIEM agents, making the search results more relevant and targeted.

Reference: FortiSIEM 6.3 User Guide, Event Search and Filters section, which describes the available attributes and their usage for filtering search results.


Contribute your Thoughts:

Ruth
1 days ago
I think the reason there are no search results is because the keyword is case sensitive.
upvoted 0 times
...
Audrie
3 days ago
The keyword is case-sensitive, so the administrator should type 'tcp' instead of 'TCP'. Rookie mistake!
upvoted 0 times
...

Save Cancel