🔥 3-day streak
Professional Security Operations Engineer45 / 241
Question 45 of 241

A security operations team ingests findings from both Security Command Center (SCC) Premium and Google SecOps into a single case management workflow. Analysts complain that the same GCP VM compromise generates one SCC finding (from a built-in detector) and one SecOps detection (from a YARA-L rule that consumes SCC findings forwarded into SecOps), producing duplicate cases. Leadership wants to preserve both tools but eliminate the duplicate case creation while keeping SecOps as the correlation and investigation hub. What is the most appropriate architectural adjustment?

Reviewed for accuracy · Report an issueNext question