Based on the Security Fabric automation settings shown in the exhibit:
The automation stitch is configured with a trigger for a "Compromised Host."
The action specified for this trigger is "Quarantine FortiClient via EMS."
This indicates that when an endpoint is detected as compromised, FortiClient EMS will quarantine the endpoint as part of the automation process.
Therefore, the action taken on compromised endpoints will be to quarantine them through EMS.
References
FortiGate Security 7.2 Study Guide, Automation Stitches and Actions Section
Fortinet Documentation on Configuring Automation Stitches and Quarantine Actions
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit