Comprehensive and Detailed Explanation From FortiSOAR 7.6, FortiSIEM 7.3 Exact Extract study guide:
In FortiSIEM 7.3, a key innovation is the integration of FortiAI, which provides generative AI capabilities to assist SOC analysts during the triage and response process.
Generative AI Summary: When an incident occurs, FortiAI can automatically analyze the underlying logs, correlation logic, and MITRE ATT&CK techniques (such as "Exfiltration Over Alternative Protocol" shown in the exhibit) to generate a human-readable summary.
Structured Output: The output displayed in the exhibit, specifically the categorized Investigation Actions (identifying affected systems, analyzing traffic) and Remediation Actions (immediate containment, patching, user training), is the typical result of a FortiAI summary request.
Analyst Efficiency: This feature is designed to reduce the "mean time to respond" (MTTR) by providing analysts with immediate, actionable steps without requiring them to manually piece together the recommended response plan from static documentation or disparate log views.
Why other options are incorrect:
Exporting an incident (A): Exporting an incident typically results in a raw data file (CSV/JSON/PDF) containing the log data and metadata, rather than an AI-generated strategic plan for investigation and remediation.
Running an incident report (B): Standard incident reports provide statistical and historical data about incidents over time. They do not dynamically generate specific, numbered investigation steps tailored to the unique context of a single live incident.
Context tab (D): The Context tab in FortiSIEM is primarily used to view the CMDB information of the involved assets (e.g., host details, owner, location) and related historical events. While it provides the data needed for an investigation, it does not provide the list of actions to take.