Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?
Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?
To generate low and high severity alerts in the Anomaly settings when reporting on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts, the correct severity level is 'Aggressive'. This setting is designed specifically for identifying unusual user activity, including detection of unknown browsers and operating systems or unusual consecutive logins from distant locations within a short time frame, which are common indicators of account hijacking attempts.
B https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings
B Alert Disposition - Aggressive Generate alerts for the events with unusual OS and unusual browser or consecutive logins from distant locations within short time (impossible time travel) or both the cases Alert Disposition - Conservative Generate alerts for only the events with consecutive logins from distant locations within short time (impossible time travel) High --> is referring to Training Model Threshold Moderate --> There isn't
Answer is B: Aggressive: For unusual user activity—Report on either unknown location or service, or both to classify an anomaly. For account hijacking—Report on unknown browser and Operating System, impossible time travel, or both. For anomalous compute provisioning activity—Reports on low and higher severity alerts.
it should be BD