Palo Alto Networks System Engineer – Strata — Question 35

A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources.
Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

Answer options

• A. The Automated Correlation Engine
• B. Cortex XDR and Cortex Data Lake
• C. WildFire with API calls for automation
• D. 3rd Party SIEM which can ingest NGFW logs and perform event correlation

Correct answer: A

Explanation

The Automated Correlation Engine is specifically designed to analyze logs and detect patterns that indicate potential threats, aligning perfectly with the customer's need to identify compromised hosts and assess risk. Options B and C, while useful for other purposes, do not focus primarily on log analysis for threat detection like the Automated Correlation Engine does. Option D involves third-party solutions, which may not provide the integrated functionality that the customer is looking for within PAN-OS.