Q: 5
Which of the following alert sources can provide identity-based alerts?
Options
Discussion
Option A. Saw a similar question in some exam practice; directory services is the only thing here that gives real user identity info for alerts.
A tbh
A imo. Only directory services integration (like AD) lets Cortex XDR tie alerts to specific user identities, which is what you need for true identity-based alerts. DNS or AV logs don’t map directly to user objects. Anyone see this differently?
A, Directory services integration