Fortinet NSE6_OTS_AR-7.6 Exam - Topic 3 Question 3 Discussion

Actual exam question for Fortinet's NSE6_OTS_AR-7.6 exam
Question #: 3
Topic #: 3

Refer to the exhibit.

Based on the information provided on the partial Event Monitor page shown in the exhibit, how was the attack detected? (Choose one answer)

Suggested Answer: D

The correct answer is D: automatically by an event handler. The study guide explicitly states that "Event handlers generate events on FortiAnalyzer" and "FortiAnalyzer uses event handlers to filter all incoming logs. If the logs received match the conditions set in the event handlers, FortiAnalyzer generates an event." It also says "You can view all generated events on the Event Monitor page." This directly matches the exhibit, which shows entries on the Event Monitor page. Therefore, the attack shown there was detected automatically through an event handler.

The guide also explains the detection flow: "FortiAnalyzer receives logs," "FortiAnalyzer parses logs," and "FortiAnalyzer generates an event if a rule is matched in an event handler." In addition, the Event Monitor view includes the Handler column, which identifies the event handler that generated the event. That is why the attack is not considered manually detected, and it is not primarily detected by a playbook or stitch. Playbooks and stitches are used for subsequent automation actions, but the event appearing in Event Monitor is created by the event handler mechanism.


Malinda
5 days ago
I think the attack detection might be related to an event handler, but I'm not entirely sure.
upvoted 0 times