A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?
To trigger a known spyware threat signature based on a rate of occurrence, you should configure the Anti-Spyware profile with the number of rule counts to match the specified occurrence frequency. This process allows the system to monitor the frequency of spyware signature hits and trigger an action when the defined threshold (e.g., 10 hits in 5 seconds) is reached.
https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/create-a-custom-threat-signature/create-a-combination-signature
A is correct
A is correct, checked in lab, what VenomX51 is saying is true.
The answer is A. This is exactly how brute force threat ID is triggered. It watches a separate threat ID (failed auth attempt, which is an alert by default), and has a time event that if that monitored threat ID is triggered x times in y seconds by the same source IP, then the brute force threat is triggered, and can then take a different action such as block IP. You would create a custom spyware profile to do the same; trigger when x has occurred y times in z seconds. A correlation object does not trigger anything. It pulls data from multiple sources and can create a log entry when its defined conditions are met.
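The "x times in y seconds by the same source IP" condition from the comment above, modelled in Python as an added example (not part of the thread and not PAN-OS code). The function name, event fields, placeholder threat ID, the sliding-window behaviour and the counter reset after a trigger are all assumptions of this example.

```python
from collections import defaultdict, deque

# Grouping keys for the hit counter; "source" matches the comment's
# "by the same source IP". Field names are this example's own.
AGGREGATION = {
    "source": lambda e: (e["src"],),
    "destination": lambda e: (e["dst"],),
    "source-and-destination": lambda e: (e["src"], e["dst"]),
}

def rate_triggers(events, child_threat_id, hits, seconds, aggregation="source"):
    """Return (time, key) each time the child signature has fired
    `hits` times within `seconds` for one aggregation key."""
    key_of = AGGREGATION[aggregation]
    windows = defaultdict(deque)  # key -> timestamps of recent child hits
    triggers = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["threat_id"] != child_threat_id:
            continue
        win = windows[key_of(ev)]
        win.append(ev["t"])
        # Drop hits that have aged out of the window (assumed sliding).
        while ev["t"] - win[0] >= seconds:
            win.popleft()
        if len(win) >= hits:
            triggers.append((ev["t"], key_of(ev)))
            win.clear()  # assumed: counting restarts after the parent fires
    return triggers

CHILD_ID = 99999  # placeholder, not a real threat ID

def sample_events():
    """Constructed data: one host hitting the child signature every 0.5 s,
    another hitting it every 2 s, both towards the same destination."""
    noisy = [{"t": 0.5 * i, "src": "10.0.0.5", "dst": "203.0.113.9",
              "threat_id": CHILD_ID} for i in range(12)]
    quiet = [{"t": 2.0 * i, "src": "10.0.0.7", "dst": "203.0.113.9",
              "threat_id": CHILD_ID} for i in range(12)]
    return noisy + quiet

if __name__ == "__main__":
    for mode in AGGREGATION:
        print(mode, rate_triggers(sample_events(), CHILD_ID, 10, 5, mode))
```

With 10 hits in 5 seconds, only the fast host crosses the threshold when counting per source, while counting per destination pools both hosts and fires earlier.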
To trigger a known spyware threat signature based on a rate of occurrence (e.g., 10 hits in 5 seconds), you need to add a correlation object that tracks the occurrences and triggers an alert or action when the specified threshold is met. This correlation object monitors the frequency of the spyware signatures and ensures that action is taken only when the threshold is exceeded, providing more granular control over threat detection and response. References: Palo Alto Networks Threat Prevention and Correlation Objects documentation.
Correct answer is B. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-the-automated-correlation-engine/automated-correlation-engine-concepts/correlation-object
A is correct, see the link from nobody165456131354