Palo Alto Networks XSIAM Engineer — Question 32

How can a Cortex XSIAM engineer resolve the issue when a SOC analyst escalates missing details after merging two similar incidents?

Answer options

• A. Check the War Room of the destination incident.
• B. Examine the incident context of the source incident.
• C. Unmerge the incidents and copy the missing details into the incident notes.
• D. Check the child incident of the destination incident.

Correct answer: A

Explanation

The correct answer is A because the War Room of the destination incident contains relevant details that may have been lost during the merging process. Options B and D do not directly address the problem of missing details in the merged incident, while option C suggests unmerging, which is unnecessary if the information can be retrieved from the War Room.