Which two features can be used together to automatically execute a search on a remote SIEM for extracted IP indicators? (Choose two.)
Correct Answer: C,D
XSOAR automates indicator-driven actions through various trigger types. To execute a search automatically on a remote SIEM when new IP indicators are extracted, two components are needed:
* Feed-triggered job (D): The Admin Guide explains that jobs can be triggered when a feed updates. When new indicators are fetched, a feed-triggered job can automatically start a playbook.
* Integration command (C): The playbook executed by the job can call SIEM integration commands (such as siem-search, query-log, or custom search commands). These commands send API queries to the remote SIEM and return event/log results.
Reputation scripts (option A) evaluate or enrich indicators but do not execute SIEM searches. Enhancement scripts (option B) add contextual data to indicators but do not perform remote searches.
Thus, the correct pair supported by the XSOAR automation architecture is:
* Integration Command, to perform the SIEM query
* Feed-Triggered Job, to automatically initiate the action when new IP indicators appear
This reflects XSOAR's feed-driven automation workflow.