Splunk Observability Cloud Certified Metrics User — Question 30
A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?
Answer options
- A. MTTR (Mean Time to Respond)
- B. MTBF (Mean Time Between Failures)
- C. MTTA (Mean Time to Acknowledge)
- D. MTTD (Mean Time to Detect)
Correct answer: A
Explanation
The correct answer is A, MTTR (Mean Time to Respond), as it specifically measures the time taken to respond to and resolve an alert. The other options do not apply: MTBF relates to failure rates, MTTA focuses on the time taken to acknowledge an alert, and MTTD measures the time to detect an incident, none of which encompass the full response and resolution timeframe.