Palo Alto Networks Certified Security Automation Engineer (PCSAE) — Question 131
An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indicator fields. How can this task be achieved?
Answer options
- A. Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.
- B. SSH into the server and copy the indicator's database.
- C. In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.
- D. Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.
Correct answer: C
Explanation
Option C is correct because it uses the Threat Intel page with the appropriate query, selects All columns in Table View so that every indicator field is included, and exports the result as a CSV, fulfilling all requirements. Option A does not provide a way to export the data in CSV format. Option B is not a suitable method because it involves directly accessing the database, which could cause issues. Option D retrieves the correct data, but it does not specify the export to CSV directly from the CLI command.