Palo Alto Networks Security Operations Professional — Question 2
A customer is investigating a security incident in which unusual network traffic is observed and a malicious process is identified on an endpoint.
Which Cortex XDR capability assists with correlating firewall network logs and endpoint data in this environment?
Answer options
- A. Log stitching
- B. User authentication management
- C. Indicator of compromise (IOC) rule
- D. Analytics
Correct answer: D
Explanation
The correct answer is D, Analytics, because it correlates data from multiple sources, including firewall network logs and endpoint activity, so that security incidents can be identified and analyzed. Options A, B, and C do not provide the comprehensive analysis needed to correlate these types of data effectively.