🔥 3-day streak
Professional Security Operations Engineer151 / 241
Question 151 of 241
A detection engineer is maintaining a YARA-L single-event rule that flags process executions matching a curated list of known malicious file hashes derived from a threat intel feed. The list currently holds about 40 hashes hard-coded as a string literal comparison chain in the rule using multiple 'or' conditions. The intel team now delivers roughly 2,000 new hashes weekly and wants the detection updated without editing rule logic each time or triggering a full rule re-approval. Which approach best supports this requirement in Google SecOps?
Reviewed for accuracy · Report an issueNext question