Splunk Observability Cloud Certified Metrics User — Question 37

How are Notable Events configured in Splunk Enterprise Security?

Answer options

• A. During an investigation.
• B. As part of an audit.
• C. Via an Adaptive Response Action in a regular search.
• D. Via an Adaptive Response Action in a correlation search.

Correct answer: D

Explanation

The correct answer is D because Notable Events are generated through Adaptive Response Actions specifically in correlation searches, which analyze data patterns to detect security incidents. Options A and B do not accurately represent the configuration process, while option C refers to a regular search that does not trigger Notable Events.