Palo Alto Networks XSIAM Analyst — Question 9
During an investigation, an analyst runs the reputation script for an indicator that is listed as Suspicious. The new reputation results display in the War Room as Malicious; however, the indicator verdict does not change.
What is the cause of this behavior?
Answer options
- A. The indicator is expired.
- B. The indicator verdict was manually set to Suspicious.
- C. The indicator has been excluded.
- D. The indicator exists as an IOC rule.
Correct answer: B
Explanation
The correct answer is B: when an indicator's verdict has been manually set to Suspicious, it does not automatically update to Malicious, even when the reputation results change. Options A, C, and D do not directly explain why the verdict stays unchanged despite the new reputation information.