Paloalto Networks Security Operations XSIAM-Analyst Question # 9 Topic 1 Discussion

Comprehensive and Detailed Explanation From Exact Extract:

The correct answer isD – Anomaly.

In Cortex XSIAM,Anomaly analyticsare designed to trigger alerts when a monitored activity deviates significantly from the established baseline or historical average. In the image, the "Failed login by non-existent users on host" metric remains at zero for several days and then suddenly spikes to 267 and 381—far above the average threshold. This significant deviation from the established norm is identified by the analytics engine as ananomalyand will trigger an alert for further investigation.

“Anomaly analytics identify significant deviations from established baselines or averages, such as unusual spikes in failed login attempts or other behavioral outliers, and trigger alerts for potential threats.”

Document Reference:XSIAM Analyst ILT Lab Guide.pdf

Page:Page 28 (Alerting and Detection section)