Which step is NOT part of the IOC workflow for analyzing logs?


The step that is not part of the IOC workflow for analyzing logs is the evaluation of firewall configurations by FortiAnalyzer. The IOC (Indicators of Compromise) workflow primarily focuses on the analysis of security logs to detect potential threats and anomalies.

In this context, the workflow starts with FortiGate sending security logs to FortiAnalyzer, which supplies the data needed for analysis. FortiAnalyzer then runs real-time threat detection to identify security events based on the gathered logs. Calculating a threat score is also a necessary part of the workflow, as it expresses the risk associated with particular incidents for the end user.

However, evaluating firewall configurations is not part of the IOC log analysis process. That task involves assessing and adjusting the settings and rules applied by the firewall to improve security or optimize performance, rather than analyzing incoming logs for threats.
