Security Incident Creation and Threat Intelligence Questions
Practice questions for the Security Incident Creation and Threat Intelligence topic in Certified Implementation Specialist - Security Incident Response. 28 questions covering this domain.
A service desk agent is reviewing a Security Request that should become a security incident. Which action supports that conversion?
An organization wants to avoid creating duplicate security incidents from Incident Management. Which setting should be enabled?
A security incident was created from network monitoring data ingested through CrowdStrike. Which field identifies CrowdStrike on the incident?
An analyst runs an IoC lookup request for an observable, but the lookup does not find a security incident observable. What appears in the Finding colu...
Which item is an example of an observable in Security Incident Response?
A responder selects a Category on a new security incident and saves the record. What happens because of that Category selection?
When a security incident is first created, what is its default State?
A lookup request finds a matching security incident observable. What should the Finding column show in Threat Lookup Results?
A security team wants Event Management to create incidents without analyst intervention when certain conditions are met. What should they use?
An incident shows McAfee in the alert ingestion details. Which field is that value most likely populating?
Which statement about Threat Intelligence data inside a security incident is correct?
Which set correctly describes the information stored with an observable in SIR?
If Vulnerability Response is activated, which source can create a security incident directly?
On a security incident form, what does the Source field identify?
Which field identifies whether a security incident came from email, a phone call, or network monitoring?
Immediately after a security incident is created, what is its default State?
Which set lists the metadata included for an observable?
What is the effect of enabling the system property sn_si.disable_duplicate_security_incident?
On the Details tab, an analyst selects a Category and saves the record. What happens?
A security request should be turned into a security incident. Which action supports that path?