Refer to the exhibit. You want to configure a FortiSIEM rule that triggers when a FortiMail device reports at least 100 recipient verification failures for different email accounts in the domain acmecorp.net. What would you add or modify to accomplish this task? (Choose one answer)

A. Change the aggregate to COUNT (Distinct Mail Receiver) >= 100.
B. Add a filter for Mail Receiver => 100.
C. Change the status attribute filter from Status CONTAIN FAIL to Status CUSTOM EXPRESSION FAIL >= 100.
D. Add a filter for Mail Receiver CONTAIN acmecorp.net.

Brave-Dump Clients Votes

A 100%

Comments

Brave-Dumps Admin 2026-02-04 20:51:30

Selected Answers: A

Reference: Page 109 in NSE 7 – Security Operations 7.6 Architect Study Guide