Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 537
Which action adds IOCs to customize detections for a new attack?
Answer options
- A. Use the initiate Endpoint IOC scan feature to gather the IOC information and push it to clients.
- B. Upload the IOCs into the Installed Endpoint IOC feature within Cisco Secure Endpoint.
- C. Add a custom advanced detection to include the IOCs needed within Cisco Secure Endpoint.
- D. Modify the base policy within Cisco Secure Endpoint to include simple custom detections.
Correct answer: C
Explanation
Option C is correct because it specifically addresses the need to create a custom advanced detection that incorporates the required IOCs within Cisco Secure Endpoint. The other options either focus on gathering or uploading information without customizing the detection process, which is essential for addressing new threats.