Exam PCSAE topic 1 question 35 discussion

Actual exam question from Palo Alto Networks's PCSAE
Question #: 35
Topic #: 1

DRAG DROP -
Arrange these steps in the order that they occur during an incident fetch.
Select and Place:

Suggested Answer:

Comments

pawkers
Highly Voted 1 year, 6 months ago
I do not think so. It should be like that:
Integration performs
Classification is applied
Mapping is applied
Incident is created
(before incident creation it should be also pre-process rule step)
upvoted 14 times
Sarppp
11 months, 1 week ago
Wrong, when you just search 'lifecycle of an incident in xsoar' you will see that in order:
1) Event Data Ingestion
2) Incident-Object Creation
3) Classification
4) Mapping
5) Pre-Process
6) Incident Process
7) Incident Management
upvoted 1 times
appopay
1 year ago
The incident object is created right after the integration performs. After the mapping and pre-process, the incident is made to be available, but in fact it is created right after the integration performs. Source beacon: Palo Alto Networks Certified Security Automation Engineer (PCSAE) -> Cortex XSOAR: SOAR Engineer Training -> Incident Classification and Mapping
upvoted 1 times
thorodp
Highly Voted 1 year, 10 months ago
For future reference. This is wrong. The correct order is:
Integration performs
Incident is created
Classification is applied
Mapping is applied
upvoted 11 times
PenguPC
1 year, 9 months ago
I agree https://xsoar.pan.dev/docs/integrations/fetching-incidents
upvoted 3 times
lawyyyy
Most Recent 4 months, 4 weeks ago
All is wrong based on this https://xsoar.pan.dev/docs/reference/packs/incident-lifecycle#classification-and-mapping Ingest > classification > mapping > incident creation
upvoted 1 times
franko_72
1 year ago
Stage One: Event-Data Ingestion
The incident lifecycle begins when an integration fetches an event. You can configure integrations in Cortex XSOAR to fetch event data from various sources, such as a SIEM, EDR, a firewall, and other security systems and services.

Stage Two: Incident Object Creation
Cortex XSOAR uses the event data fetched by an integration to create an incident object and populates it with raw event data.

Stage Three: Classification
Cortex XSOAR identifies the type of incident based on the classifier object selected in the integration configuration settings. If you have not selected any classifier, then the integration uses the default classifier of the integration. Cortex XSOAR will identify an incident as Unclassified if no default classifier exists or if the type of an incident cannot be identified.

Stage Four: Mapping
The raw event data ingested by an integration gets mapped to existing fields in Cortex XSOAR. The fields display incident data to analysts in the Cortex XSOAR graphical user interface (GUI).

Ingestion >> Incident Creation >> Classification >> Mapping is the 100% correct answer
upvoted 4 times
randomnametester
2 years, 3 months ago
This is wrong
upvoted 1 times