XSIAM-ANALYST · Question #11

XSIAM-ANALYST Question #11: Real Exam Question with Answer & Explanation

The correct answers are A (They can be uploaded using REST API) and C (They can be used to detect a specific registry key).

Question

Which two statements apply to IOC rules? (Choose two.)

Options

  • A. They can be uploaded using REST API.
  • B. They can have an expiration date of up to 180 days.
  • C. They can be used to detect a specific registry key.
  • D. They can be excluded using suppression rules but not alert exclusions.

Explanation

Cortex allows for the programmatic management of IOCs, enabling security teams to automate the ingestion of indicators from external threat intelligence platforms or custom scripts via the REST API. IOC rules are designed to identify specific artifacts on an endpoint. This includes not only file hashes and IP addresses but also specific registry keys or paths that are known to be associated with malicious activity.
