Which statement accurately contrasts lookup tables with watchlists?
A.
Lookup table values age out after a period, whereas watchlist values do not have any time condition.
B.
You can populate lookup tables through an incident, whereas you cannot populate watchlists through an incident.
C.
Lookup tables can contain multiple columns, whereas watchlists contain only a single column.
D.
You can reference lookup table data in analytic queries and reports almost immediately, whereas you may have to wait up to 5-10 minutes for watchlist entries to be useable in queries and reports.
Lookup tables and watchlists serve different purposes in Fortinet’s Advanced Analytics:
● Lookup tables allow for structured data storage with multiple columns, making them useful for correlating different attributes or key-value pairs.
● Watchlists are simpler and contain only a single column, often used for quick reference to flagged values, such as IP addresses or user accounts.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit