Splunk Observability Cloud Certified Metrics User — Question 6

Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain® to be mapped to Correlation Search results?

Answer options

• A. Annotations
• B. Playbooks
• C. Comments
• D. Enrichments

Correct answer: A

Explanation

The correct answer is A, Annotations, as it specifically allows the mapping of various industry frameworks to Correlation Search results. Options B, C, and D do not provide the same functionality related to mapping frameworks to search results, making them incorrect in this context.