Palo Alto Networks
XSIAM-ENGINEER Question #8: Real Exam Question with Answer & Explanation
Question
A security engineer notices that in the past week ingestion has spiked significantly. Upon investigating the anomaly, it is determined that a custom application developed in-house caused the spike. The custom application is sending syslog to the Broker VM Syslog Collector applet. The engineer consults with the SOC analyst, who determines that 90% of the logs from the custom application are not used. What can the engineer configure to reduce the ingestion?
Options
- A. Parsing rule to drop the unnecessary data at the Broker VM
- B. Data model rule to drop the unnecessary data
- C. Correlation rule on the Cortex XSIAM server to drop the unnecessary data
- D. Data model rule to map the useful data