🔥 3-day streak
Professional Security Operations Engineer78 / 241
Question 78 of 241
A security operations engineer is evaluating the effectiveness of a newly onboarded firewall log source in Google SecOps. The logs are being ingested successfully and appear in raw log search, but analysts report that YARA-L detection rules referencing fields like principal.ip and target.port are not triggering, even though the underlying activity is present in the raw data. The engineer confirms the correct parser exists but suspects a coverage problem. What is the MOST likely root cause and appropriate corrective action?
Reviewed for accuracy · Report an issueNext question