Palo Alto Networks XSIAM Engineer — Question 1

In which two locations can correlation rules be monitored for errors? (Choose two.)

Answer options

• A. XDR Collector audit logs (type = Rules, subtype = Error)
• B. correlations_auditing dataset through XQL
• C. Management audit logs (type = Rules, subtype = Error)
• D. Alerts table as a health alert

Correct answer: B, C

Explanation

The correct answers are B and C because they specifically refer to datasets and logs where correlation rule errors are tracked. Option A relates to XDR Collector logs which may not be focused on correlation rule errors, and option D pertains to alerts rather than direct monitoring of correlation rule errors.