What would typically trigger a playbook in FortiSOC?

Study for the Fortinet FortiAnalyzer 6.4 Test. Use interactive flashcards and multiple choice questions with detailed explanations. Be exam-ready!

In FortiSOC, a playbook is typically triggered by a specific event or incident occurrence. A playbook is a structured series of tasks and responses designed to automate the incident response process. When the system detects a particular event, such as an intrusion attempt or a malware detection, it activates the corresponding playbook, which outlines the steps to address that specific incident. This ensures a swift and organized response to potential threats, allowing security teams to mitigate issues effectively and efficiently.

The other options, while they may involve actions taken in security operations, do not accurately represent how playbooks are initiated in the context of FortiSOC. Scheduled jobs or timers could be utilized for regular maintenance tasks, and user intervention might be required for various processes, but these do not reflect the automated nature of incident response associated with playbooks. Additionally, a system reboot or recovery function pertains more to system management than to the incident response procedures defined in playbooks.
