🔥 3-day streak
Professional Security Operations Engineer161 / 241
Question 161 of 241

A detection engineer has authored a new multi-event YARA-L rule in Google SecOps intended to detect credential dumping followed by lateral movement. Before enabling it for live alerting across production, the team wants to validate that the rule fires on known malicious activity without generating excessive noise, and they need evidence to support promoting it through their change-control process. Which approach best supports safe promotion of this rule into production alerting?

Reviewed for accuracy · Report an issueNext question