Splunk
SPLK-5002 Question #62: Real Exam Question with Answer & Explanation
Question
Engineers are commonly asked to turn data sources like EDR alerts into risk events. Doing so requires a dynamic mapping of the signatures in the rule to MITRE ATT&CK®. Which of the following fields could be used to dynamically set the MITRE ATT&CK® technique ID for the EDR alerts?
Options
- A. mitre_attack.tactic_id
- B. annotations.mitre_attack.tactic_id
- C. mitre_attack.mitre_technique_id
- D. annotations.mitre_attack.mitre_technique_id