Microsoft Security Operations Analyst — Question 13
You have an Azure subscription that contains a Microsoft Sentinel workspace. The workspace contains a Microsoft Defender for Cloud data connector.
You need to customize which details will be included when an alert is created for a specific event.
What should you do?
Answer options
- A. Enable User and Entity Behavior Analytics (UEBA).
- B. Create a Data Collection Rule (DCR).
- C. Modify the properties of the connector.
- D. Create a scheduled query rule.
Correct answer: D
Explanation
The correct answer is D: a scheduled query rule lets you customize the details that an alert includes for a specific event. Options A and B do not directly address alert customization, and option C changes the properties of the connector, which does not tailor alert content.