Exam XSIAM-Analyst Topic 2 Question 64 Discussion

Actual exam question for Palo Alto Networks's XSIAM-Analyst exam
Question #: 64
Topic #: 2
Two security analysts are collaborating on complex but similar incidents. The first analyst merges the two incidents into one for easier management. The other analyst immediately discovers that the custom incident field values relevant to the investigation are missing.
How can the team retrieve the missing details?

Suggested Answer: B Vote an answer

The correct answer isB - Unmerge the incidents to capture the missing details.
When incidents are merged in Cortex XSIAM, custom field values from the source (secondary) incident are not always automatically transferred to the destination (primary) incident. The recommended way to retrieve the missing custom incident field values is tounmergethe incidents. This action restores the original incidents, including all their individual fields and context, allowing analysts to access and capture the missing details.
"If incident field values are missing after a merge, unmerging incidents will restore the original context and custom field data from each incident." Document Reference:XSIAM Analyst ILT Lab Guide.pdf Page:Page 45 (Incident Handling section)

by Allen at Jun 20, 2026, 12:39 PM

Limited Time Offer

15%

Off

Get Premium XSIAM-Analyst Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10