The security team plans to leverage their existing Fortinet Security Fabric infrastructure to create an automated response capability to isolate compromised endpoints. Their environment consists of FortiClient EMS, FortiGate firewalls, and FortiAnalyzer. Which two configurations are required to quarantine endpoints based on indicator of compromise (IOC) verdicts from the security fabric deployment? (Choose two answers)

• A. A FortiAnalyzer playbook configured to notify FortiGate about IOC incidents
• B. An automation stitch configured on FortiGate for host quarantine
• C. FortiClient configured to send traffic and security logs to FortiAnalyzer
• D. The IOC feature enabled in the malware endpoint protection profile

Correct Answer: B,C

Brave-Dump Clients Votes