🔥 3-day streak
Microsoft Security Operations Analyst184 / 190
Question 184 of 190
Your SOC receives threat indicators from two sources. A commercial vendor exposes a TAXII 2.1 server that continuously publishes STIX 2.1 collections, and an internal threat team produces small daily batches of custom indicators from a proprietary script. You must ingest both into Microsoft Sentinel with the least ongoing maintenance and without deploying additional infrastructure. Which approach should you configure?
Reviewed for accuracy · Report an issueNext question