🔥 3-day streak
Professional Security Operations Engineer127 / 241
Question 127 of 241
Your SOC's SecOps SOAR platform runs a triage playbook that fires on every phishing alert. The playbook enriches each sender IP and URL against a third-party threat intelligence vendor whose API enforces a strict rate limit of 100 lookups per minute. During a large phishing campaign, hundreds of near-identical alerts arrive within a few minutes, and the playbook begins failing enrichment steps because the API returns HTTP 429 (Too Many Requests). Analysts complain that cases now open with empty enrichment context. Which change to the playbook best preserves enrichment quality while respecting the vendor's rate limit?
Reviewed for accuracy · Report an issueNext question