Q: 1
What is a primary use case of lookup tables in Cortex XDR?
Options
Discussion
A. Lookup tables are for correlating outside info with internal XDR data, not for creating datasets or auto reports.
Option A. Not B: lookup tables aren't for auto-dataset creation, mostly used for enrichment.
D
A tbh
A is what makes sense here. The main use of lookup tables in Cortex XDR is to bring in extra info from outside sources (like threat intel or asset lists) and match it up with your internal logs. Not really for running playbooks or making reports directly. Pretty sure that's correct, unless Palo's changed something lately.
A is the right pick here. Lookup tables let you correlate external data like threat intel or asset lists with internal logs, which is super useful during investigations. They're not really for running playbooks (C) or generating reports (D) on their own. Pretty sure that's what Palo Alto expects, but if anyone's seen a different use case in practice let me know.
C or D for me. Lookup tables could be used to trigger playbooks or help generate reports, right? Not 100 percent sure though, someone let me know if that's not possible.
My pick: it's A, since lookup tables are mainly about adding external context like threat intel to what XDR already has. Saw a similar question in some exam reports. Someone correct me if I'm off.
Lookup tables are mainly for matching external data, like threat intel, with what XDR already has. That's A. Haven't seen any docs where they're used to generate reports directly, so pretty sure this is right but feel free to correct me.
Not D, that's a common trap since generating exclusion reports isn't the main thing lookup tables do. A is more accurate here.