Splunk Enterprise Security Certified Admin — Question 88

Which of the following is an adaptive action that is configured by default for ES?

Answer options

• A. Create new asset
• B. Create notable event
• C. Create investigation
• D. Create new correlation search

Correct answer: B

Explanation

The correct answer is B, as creating a notable event is a default action configured in ES to help in incident management. The other options, while relevant to security operations, are not set as default adaptive actions in ES.