🔥 3-day streak
Microsoft Cybersecurity Architect Expert130 / 158
Question 130 of 158

A financial services company operates Microsoft Sentinel as its SIEM. The threat intelligence team subscribes to a commercial threat feed provider that publishes indicators of compromise (IOCs) using an industry-standard transport and object format over HTTPS. The security architect must design a solution that automatically ingests these external IOCs into Sentinel so they can be matched against ingested logs and surfaced in analytics rules, without building and maintaining custom code. Which approach should the architect recommend?

Reviewed for accuracy · Report an issueNext question