SC-200 Perform threat hunting • Set 12
SC-200 Perform threat hunting Practice Test 12 — 15 questions with explanations.
You are reviewing a Microsoft Sentinel scheduled analytics rule definition (JSON). What is the purpose of the "triggerThreshold": 0 setting?
Refer to the exhibit.
```json
{
  "properties": {
    "displayName": "Hunt for Midnight Blizzard IOCs",
    "description": "This hunting query looks for indicators associated with Midnight Blizzard.",
    "tactics": ["InitialAccess", "Persistence"],
    "relevantTechniques": ["T1566", "T1098"],
    "queryText": "let IOCs = externaldata(...); ...",
    "queryFrequency": "P1D",
    "queryPeriod": "P14D",
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0
  }
}
```