Palo Alto Networks Security Operations Professional — Question 9

A file hash is evaluated in Cortex XSOAR by using two unique threat feeds:
VirusTotal feed (rating of B - Usually reliable), and the file verdict is malicious
AlienVault feed (rating of B - Usually reliable), and the file verdict is benign
What is the file verdict in XSOAR?

Answer options

Correct answer: B

Explanation

The overall verdict in Cortex XSOAR is determined by the most severe classification from the threat feeds. Since the VirusTotal feed indicates the file is malicious, this verdict takes precedence over the benign verdict from AlienVault, leading to a final classification of malicious.