NSE7_SOC_AR-7.6 exam question shared by EduDump.com.
Which three end-user logs does FortiAnalyzer use to identify possibly compromised hosts (IOC detection)? (Choose three answers.)
Correct Answer: A,C,E
Comprehensive and detailed explanation, from the FortiSOAR 7.6 / FortiSIEM 7.3 Exact Extract study guide:

In the context of the Fortinet Security Fabric, FortiAnalyzer performs Indicator of Compromise (IOC) detection by correlating various security logs against a threat intelligence database. The IOC engine specifically analyzes the following logs of each end user to identify potentially compromised hosts:

* Web Filter Logs (A): The engine parses web filtering logs to identify access attempts to blacklisted URLs, malicious domains, or IPs associated with known malware distribution sites. If a match is found in the threat database, the host is flagged as compromised.
* DNS Filter Logs (C): DNS requests are a primary indicator of a compromise. The engine monitors these logs for queries directed at known Command and Control (C2) servers or domains generated by Domain Generation Algorithms (DGA).
* IPS Logs (E): Intrusion Prevention System (IPS) logs provide critical data on signature matches for known attacks. In newer Security Operations (SOC) curricula, IPS logs are used alongside Web and DNS logs to provide a high-fidelity assessment of whether a host is currently infected and attempting to communicate with an external threat actor.

Why the other options are incorrect:

* Email Filter Logs (B): While important for detecting phishing attempts (Initial Access), email logs are generally used for content filtering and antispam rather than serving as a primary source for the IOC engine's behavioral "calling home" detection in the FortiAnalyzer Compromised Hosts view.
* Application Filter Logs (D): Application control logs provide visibility into software usage but are less commonly used by the core IOC engine for identifying blacklisted network destinations compared to Web and DNS filtering.