Your SOC is implementing a Microsoft Sentinel workspace with multiple content hub solutions. You need to ensure that only approved analytics rules are enabled and that any custom rules are reviewed before activation. Which THREE actions should you take?
CI/CD pipelines enforce approval workflows before rules are deployed.
Why this answer
Option A (Repositories) allows CI/CD to control rule deployment. Option B (Content hub) allows selecting only approved solutions. Option E (Automation rules) can disable unapproved rules when created.
Option C is for threat intelligence, not rule management. Option D is for hunting, not rule approval.