Running SOC-ML Anomaly in Flighting Mode | Microsoft SC-200 Exam


Question

Running a SOC-ML anomaly in flighting mode allows you to run two versions of the same rule in parallel.

Answers

A. True
B. False

Correct Answer: A.

Screenshot (Azure Sentinel, Analytics rule wizard - Edit existing rule, "(Preview) Attempted computer bruteforce - Customized"):

Production Mode

Another instance of this anomaly already exists in Production ((Preview) Attempted computer bruteforce). Turning the current rule to "Production" will reset the mode of the existing one to "Flighting". Are you sure you want to change it to "Production"?

Explanation:

The statement "Running a SOC-ML anomaly in flighting mode allows you to run two versions of the same rule in parallel" is true.

SOC-ML (Security Operations Center - Machine Learning) is a system that uses machine learning algorithms to detect anomalies in network traffic and identify potential security threats. The system applies rules to surface these anomalies and alerts security analysts so they can investigate and remediate the issues.

Flighting mode is a SOC-ML feature that lets you test a new or updated rule before it is fully implemented in production. In this mode, two versions of the same rule run in parallel: the current production version and the updated or new version under test. As the screenshot above shows, only one instance of an anomaly can be in Production at a time; switching the customized copy to Production resets the existing instance to Flighting.

This approach lets security analysts compare the performance of the new rule against the existing rule and determine whether it provides better detection accuracy or generates fewer false positives. It also allows the new rule to be tested on a subset of the traffic to confirm that it behaves as expected before it is deployed to the entire network.

In conclusion, running a SOC-ML anomaly in flighting mode does allow two versions of the same rule to run in parallel, which makes it a useful tool for testing and evaluating new rules before they are fully deployed.