How would context data be filtered to receive only malicious indicator values with DBotScore?
How would context data be filtered to receive only malicious indicator values with DBotScore?
To filter context data to receive only malicious indicator values with DBotScore, you need to select the option with the condition that aligns with the classification defined by DBotScore. According to the DBot scoring system, a DBotScore of 3 indicates a 'malicious' score. Therefore, you should filter DBotScore.value where DBotScore.Score equals 3, as this is the score specifically designated for malicious indicators.
This question makes no sense. 'Malicious' is not a dbotscore. Bad is so if you equate malicious to bad it is '3'. However there is no property 'value' for DBotScore. So there are no answers correct. So the question is just badly worded. So A if you think dbotscore.value (which does not exist) or D but value 2 equates to 'Suspicious'...
Whoops, B if you want to use '3' as the answer and D for Suspicious.
some info about dbot score. 0-1-2-3 https://xsoar.pan.dev/docs/integrations/dbot