Which module is used to augment detectors with external IP indicators in SecOps?

Unlock your potential with the Google SecOps Professional Engineer Test. Prepare with flashcards, multiple-choice questions, and detailed explanations. Ace your exam!

Multiple Choice

Which module is used to augment detectors with external IP indicators in SecOps?

Explanation:
Augmenting detectors with external threat indicators is achieved by using an ETD custom module configured with the Configurable Bad IP template. This approach brings external IP indicators into the detector pipeline, enabling alerts whenever traffic involves IPs on your threat list. The template provides a structured way to define and manage those bad IPs, so detectors can automatically match events against them and raise timely alerts. This targeted method is purpose-built for integrating threat intel such as malicious IP addresses, which is why it is the best fit. The other options focus on different mechanisms (such as computing resources, combining detectors without a specific external IP feed, or routing logs) and do not directly integrate external IP indicators into detectors.
