Which of the following is an adaptive action that is configured by default for ES?
Creating a notable event is an adaptive action that is configured by default in Splunk Enterprise Security (ES). This action is leveraged to generate notable events based on the outcomes of correlation searches, enabling security analysts to review and take necessary actions.
Answer is B. https://docs.splunk.com/Documentation/ES/6.6.2/Admin/Configureadaptiveresponse#Included_adaptive_response_actions
Maybe the correct answer is B
Most likely!
The correct answer is B
B. Create notable event
Creating a notable event is an adaptive action that is configured by default in Splunk Enterprise Security (ES). This action is used to generate notable events based on the results of correlation searches, which can then be reviewed and acted upon by security analysts.