Option A (Correct): IOC rules within Cortex XSIAM can detect specific indicators such as files, registry keys, IP addresses, hashes, and URLs.
Option D (Correct): IOC rules can indeed be uploaded or updated programmatically using REST APIs, enabling automation and bulk management.
Options B and C are incorrect for the following reasons:
Expiration dates for IOC rules vary depending on system settings, and there is no strict 180-day limit explicitly defined in the provided documentation.
IOC rules are managed through general alert exclusion mechanisms as well as through suppression rules.
"IOC rules can detect specific files, hashes, registry keys, IP addresses, and URLs and can be managed programmatically via REST API."
Exact page: Page 33 (Alerting and Detection section)
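The point behind options A and D is that IOC rules are ordinary data objects that can be validated and pushed in bulk. The script below is an added example written for this page; it is not Palo Alto Networks' code and not part of the documentation quoted above. It validates a constructed batch of indicators (a SHA256 hash, an IP and a domain), sets an explicit expiration date instead of relying on the tenant default, and builds the POST request for the Cortex public API. The endpoint path `/public_api/v1/indicators/insert_jsons`, the `x-xdr-*` header names, the advanced-API-key scheme (SHA256 over key + nonce + timestamp), and the body field names are written from memory of the Cortex XDR/XSIAM API reference and should be treated as assumptions to confirm against the reference for your tenant before use.

```python
"""Validate and bulk-upload IOC rules to Cortex XSIAM via the public REST API.

Added example for this page, not vendor code. Endpoint path, header names,
indicator types and body schema are assumptions based on the Cortex XDR/XSIAM
API reference; verify them against your tenant's documentation.
"""
import hashlib
import ipaddress
import json
import re
import secrets
import time
import urllib.request

# Indicator types and reputations as the author recalls them from the API reference (assumption).
VALID_TYPES = {"HASH", "IP", "DOMAIN_NAME", "FILENAME", "PATH"}
VALID_REPUTATIONS = {"GOOD", "BAD", "SUSPICIOUS", "UNKNOWN"}
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}")
DAY_MS = 86_400_000


def build_auth_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Advanced API key auth (assumed scheme): Authorization = sha256(key + nonce + timestamp)."""
    nonce = nonce or secrets.token_hex(32)          # 64 hex characters
    timestamp_ms = timestamp_ms or int(time.time() * 1000)
    if len(nonce) != 64:
        raise ValueError("nonce must be 64 characters")
    auth = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {
        "x-xdr-timestamp": str(timestamp_ms),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": auth,
        "Content-Type": "application/json",
    }


def make_indicator(value, ioc_type, reputation="BAD", severity="HIGH",
                   comment="", days_valid=90, now_ms=None):
    """Normalise and validate one indicator; reject malformed input before it becomes a rule.

    days_valid=None produces expiration_date "Never". The page notes that there is no
    fixed 180-day limit, so the expiry is set explicitly per indicator here.
    """
    if ioc_type not in VALID_TYPES:
        raise ValueError(f"unsupported indicator type: {ioc_type}")
    if reputation not in VALID_REPUTATIONS:
        raise ValueError(f"unsupported reputation: {reputation}")
    value = value.strip()
    if ioc_type == "HASH":
        if not SHA256_RE.fullmatch(value):
            raise ValueError("HASH indicators must be SHA256 hex (assumed API constraint)")
        value = value.lower()                        # hashes are compared case-insensitively
    elif ioc_type == "IP":
        ipaddress.ip_address(value)                  # raises ValueError on garbage
    elif ioc_type == "DOMAIN_NAME":
        value = value.lower().rstrip(".")
        if not DOMAIN_RE.fullmatch(value):
            raise ValueError(f"malformed domain: {value}")
    elif not value:
        raise ValueError("FILENAME/PATH indicators must be non-empty")
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    expiration = "Never" if days_valid is None else now_ms + days_valid * DAY_MS
    return {
        "indicator": value,
        "type": ioc_type,
        "reputation": reputation,
        "severity": severity,
        "comment": comment,
        "expiration_date": expiration,
    }


def build_request_body(indicators):
    """Wrap validated indicators in the request envelope the API expects (assumed shape)."""
    return {"request_data": list(indicators)}


def build_sample_body(now_ms=0):
    """Constructed sample batch (not real IOCs) with a fixed clock so results are reproducible."""
    sample = [
        ("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "HASH", "BAD"),
        ("198.51.100.23", "IP", "SUSPICIOUS"),
        ("Malware-C2.Example.net.", "DOMAIN_NAME", "BAD"),
    ]
    return build_request_body(
        make_indicator(v, t, reputation=r, comment="constructed sample", now_ms=now_ms)
        for v, t, r in sample
    )


def upload_indicators(fqdn, api_key_id, api_key, indicators, send=True):
    """Build (and optionally send) the insert_jsons request. fqdn is the tenant API host."""
    url = f"https://api-{fqdn}/public_api/v1/indicators/insert_jsons"   # assumed path
    body = json.dumps(build_request_body(indicators)).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers=build_auth_headers(api_key_id, api_key))
    if not send:
        return req                                   # dry run: inspect before pushing
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    req = upload_indicators("tenant.xdr.example.com", 1, "REDACTED", build_sample_body()["request_data"], send=False)
    print(req.full_url)
    print(json.dumps(json.loads(req.data), indent=2))
```

Run it with `send=False` first and diff the printed body against what you intend to push; a malformed hash or a domain with a trailing dot is caught by the validator rather than silently becoming a rule that never matches.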