Palo Alto Networks XSIAM Analyst — Question 17
What is the cause when alerts generated by a correlation rule are not creating an incident?
Answer options
- A. The rule does not have a drill-down query configured.
- B. The rule is configured with alert severity below Medium.
- C. The rule has alert suppression enabled.
- D. The rule is using the preconfigured Cortex XSIAM alert field mapping.
Correct answer: C
Explanation
The correct answer is C: when alert suppression is enabled on the rule, it prevents the rule's alerts from triggering an incident. Options A and B are incorrect because they do not directly prevent the creation of incidents, and D is not relevant to the incident creation process.