In FortiAnalyzer's incident management system, analysts have the option to manually manage
incidents, which includes attaching relevant reports to an incident for further investigation and
documentation. This feature allows analysts to consolidate information, such as detailed reports on
suspicious activity, into an incident record, providing a comprehensive view for incident response.

Let's review each option to clarify why it is correct or incorrect:

Option A: You can manually attach generated reports to incidents
This is correct. FortiAnalyzer allows analysts to manually attach reports to incidents, which is
beneficial for providing additional context, evidence, or analysis related to the incident. This
functionality is part of the incident management process and helps streamline information for
tracking and resolution.

Option B: The status of the incident is always linked to the status of the attached event
This is incorrect. The status of an incident on FortiAnalyzer is managed independently of the status of
any attached events. An incident can contain multiple events, each with different statuses, but the
incident itself is tracked separately.

Option C: Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour
This is incorrect. While incidents have severity levels, specific SLA response times are typically set
according to the organization’s incident response policy, and FortiAnalyzer does not impose a default
SLA response time of 1 hour for high-severity incidents.

Option D: Incidents must be acknowledged before they can be analyzed
This is incorrect. Incidents on FortiAnalyzer can be analyzed even if they are not yet acknowledged.
Acknowledging an incident is often part of the workflow to mark it as being actively addressed, but it
is not a prerequisite for analysis.

Reference: According to FortiAnalyzer documentation, analysts can attach reports to incidents
manually, making option A correct. This feature enables better tracking and documentation within
the incident management system on FortiAnalyzer.