🔥 3-day streak
Professional Security Operations Engineer32 / 241
Question 32 of 241

Your SOC relies on roughly 400 active YARA-L detection rules in Google SecOps. Over the past quarter, an internal audit found that one high-value rule had silently stopped producing detections for six weeks because an upstream schema change caused the referenced UDM field to always be empty — no errors were raised. Leadership asks you to design an observability control that would surface this class of failure going forward. Which approach most directly detects rules that have silently gone dormant?

Reviewed for accuracy · Report an issueNext question