Splunk SOAR Certified Automation Developer — Question 34
Which of the following items apply to anomaly detection? (Choose all that apply.)
Answer options
- A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.
- B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
- C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
- D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.
Correct answer: B, C
Explanation
Option B is correct because it highlights the need for sufficient data and entities for effective analysis in anomaly detection. Option C is also correct as it describes the automatic generation of notable events when there's a deviation from the norm. Options A and D are incorrect as they either misstate the requirements or do not reflect the standard types recognized in anomaly detection.