Which two actions will allow a security analyst to review updated commands from the core pack and interpret the results without altering the incident audit? (Choose two)
A.
Run the core commands directly from the playground and invite other collaborators.
B.
Run the core commands directly from the Command and Scripts menu inside playground
C.
Create a playbook with the commands and run it from within the War Room
D.
Run the core commands directly by typing them into the playground CLI.
In Cortex XSIAM/XSOAR, the playground provides a safe environment for testing commands without modifying the incident audit log or impacting live incidents.
Option B:Running commands from the "Command and Scripts" menu within the playground allows review and interpretation of command outputs safely and isolated from actual incidents.
Option D:Typing commands directly into the playground CLI similarly enables secure review and interpretation of results without affecting the incident audit or live data.
Options A and C are incorrect because:
Option A invites collaboration, potentially impacting visibility or causing accidental changes.
Option C creates playbooks that execute directly within the War Room, thus interacting with real incidents.
=====================
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit