Microsoft Security Operations Analyst — Question 97
You need to visualize Microsoft Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC).
What should you use?
Answer options
- A. notebooks in Microsoft Sentinel
- B. Microsoft Defender for Cloud Apps
- C. Azure Monitor
Correct answer: A
Explanation
The correct answer is A, as notebooks in Microsoft Sentinel allow for advanced data visualization and integration of third-party data sources to analyze potential threats. Options B and C do not provide the same level of integration and data enrichment capabilities specifically tailored for IoC identification.