In FortiOS and FortiAnalyzer logging systems, when an event has a status of "Mitigated" in the Event
Status column, it typically indicates that the system took action to address the identified threat. In
this case, the Web Filter blocked the web request to a suspicious destination, and the event status
"Mitigated" confirms that the action was successfully implemented to neutralize or block the security
risk.
Let's review the answer options:
Option A: The risk source is isolated.
This is incorrect because "isolated" would imply that FortiGate took further steps to prevent the
source device from communicating with the network. There is no indication of isolation in this event
status.
Option B: The security risk was blocked or dropped.
This is correct. The "Mitigated" status, along with the Web Filter event type and the accompanying
description, implies that the FortiGate or FortiAnalyzer successfully blocked or dropped the
suspicious web request, which corresponds to the term "mitigated."
Option C: The security event risk is considered open.
This is incorrect because an open status would indicate that no action was taken, or the threat is still
present. The "Mitigated" status indicates that the threat has been addressed.
Option D: An incident was created from this event.
This is incorrect. Although FortiAnalyzer or FortiGate could escalate certain events to incidents,
nothing in the given display indicates that this happened here.
Reference:
The FortiOS 7.4.1 and FortiAnalyzer 7.4.1 documentation specify that a "Mitigated" status in logs
means the identified threat was handled, usually by blocking or dropping the action associated with
the event, particularly in Web Filter and Security Policy logs.