Palo Alto Networks XSIAM Analyst — Question 10
Which two statements apply to IOC rules? (Choose two.)
Answer options
- A. They can be uploaded using REST API.
- B. They can have an expiration date of up to 180 days.
- C. They can be used to detect a specific registry key.
- D. They can be excluded using suppression rules but not alert exclusions.
Correct answer: A, B
Explanation
A and B are correct: IOC rules can be uploaded via the REST API and can have an expiration date of up to 180 days. Options C and D are incorrect: although IOC rules can detect various elements, option C is too specific, and option D misstates the exclusion mechanisms for alert management.