🔥 3-day streak
Professional Security Operations Engineer204 / 241
Question 204 of 241
A detection engineer is building a YARA-L single-event rule to detect suspicious use of Windows Management Instrumentation (WMI) for remote execution. The SOC requires that every deployed rule be traceable to MITRE ATT&CK so that coverage reports can be generated automatically from the rule corpus. What is the BEST way to ensure this rule contributes to automated ATT&CK coverage reporting in Google SecOps?
Reviewed for accuracy · Report an issueNext question