Splunk Observability Cloud Certified Metrics User — Question 27

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?

Answer options

• A. Threat Intelligence Framework
• B. Risk Framework
• C. Notable Event Framework
• D. Asset and Identity Framework

Correct answer: B

Explanation

The Risk Framework is correct because it specifically focuses on assessing and elevating the threat levels associated with individuals or assets based on their activities. The other options, while relevant to different aspects of threat intelligence and event management, do not directly address the concern of identifying unusual behaviors associated with risk assessment.