A team wants a low-prevalence hunting rule to act as a secondary indicator during investigations instead of immediately creating alerts. What should the rule produce?

AA detection event rather than a detection alert

BA SOAR case with critical priority

CA parser extension warning

DA Cloud Monitoring metric only

Related Questions

In YARA-L 2.0, which section groups events over a time window?...

easy

What is the benefit of converting a successful Google SecOps search into a YARA-L rule?...

easy

To improve the usefulness of the alert graph for a custom YARA-L rule, which section should include ...

medium

Before enabling a new rule in production, an engineer wants to test it against older telemetry. Whic...

medium

A rule is firing on known benign admin behavior, but the team does not want to disable the entire ru...

medium

View all Detection engineering questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.