Examice

Exam PCDRA All QuestionsBrowse all questions from this exam

Go to Exam

Question 76

What is the difference between presets and datasets in XQL?

A dataset is a Cortex data lake data source only; presets are built-in data source.

A dataset is a database; presets is a field.

A dataset is a built-in or third party source; presets group XDR data fields.

A dataset is a third-party data source; presets are built-in data source.

Correct Answer: C

A dataset in XQL can be either a built-in or third-party data source, whereas presets in XQL are used to group specific XDR data fields that help analyze particular aspects of network and endpoint activity.

Discussion

ChiquitabanditaOption: C

I agree with the link listed below

MatchaLatteOption: C

C https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-XQL-Language-Reference/Datasets-and-Presets Datasets - The standard, built-in data source that is available in every Cortex XDR instance is the xdr_data dataset.This dataset is comprised of both raw EDR events reported by the Cortex XDR agent, and of logs from different sources such as third-party logs. Presets - Presets offer groupings of xdr_data fields that are useful for analyzing specific areas of network and endpoint activity.

7e078caOption: D

Use preset to use a pre-defined datasets in which data is stored from console description Answer: D