Valid Security-Operations-Engineer dumps shared by EduDump.com to help you pass the Security-Operations-Engineer exam! EduDump.com now offers the newest Security-Operations-Engineer exam dumps; the EduDump.com Security-Operations-Engineer exam questions have been updated and the answers corrected. Get the newest EduDump.com Security-Operations-Engineer dumps with Test Engine here:
You are writing a detection rule in Google Security Operations (SecOps) SIEM that sends a risk score to the alert. You have access to Google Threat Intelligence (GTI) data through your Google SecOps subscription. You need to ensure that the threat score output in the detection logic informs the alert's risk score and is available for future detections. What should you do?
Correct Answer: A
The correct method is to use the outcome section of the YARA-L detection rule to apply logic to UDM enrichment fields (including GTI data), compute the total risk outcome, and store it in the risk_score outcome variable. This ensures the risk score is attached to the alert and is available for correlation in future detections.