You can star security events in which two ways? (Choose two.)
You can star security events in which two ways? (Choose two.)
You can star security events in two ways: manually star an alert or incident. This can be done by directly marking the alert or incident after reviewing it. Creating configurations to star alerts or incidents is not a correct way to directly star individual security events.
I am confused here, the documentation says to create an incident starring configuration, but in the configuration setting it says "Create New Alert Starring Configuration"
can manually star incident and using Starred Alerts rule under Incident Configuration
You can manually star an incident after reviewing it, or you can create an incident starring configuration that automatically categorizes and stars incidents when a related alert contains the specific attributes that you decide are important. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Manage-Incident-Starring
I guess B and D are correct.
AD: You can star incidents in two ways: You can manually star an incident after reviewing it, or you can create an incident starring configuration
The correct answer is B and D. From the Study Guide. Incident related starring
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Manage-Incident-Starring You can manually star an incident after reviewing it, or you can create an incident starring configuration that automatically categorizes and stars incidents when a related alert contains the specific attributes that you decide are important.
AD for sure
From stduy guıde: You can star incidents in two ways: You can manually star an incident after reviewing it, or you can create an incident-starring configuration that automatically categorizes and stars incidents when a related alert contains the specific attributes that you decide are important.