🔥 3-day streak
Professional Security Operations Engineer153 / 241
Question 153 of 241

A detection engineer is building a new YARA-L 2.0 multi-event rule in Google SecOps. The rule must be attributed to a specific analyst team, must automatically deprecate older rule iterations when a newer version is promoted, and must allow the SOC lead to filter all rules owned by the 'threat-detection' team in the rule dashboard. Which YARA-L rule construct should the engineer use to satisfy the ownership and filtering requirement without affecting detection logic?

Reviewed for accuracy · Report an issueNext question