What will be the effect if the security team chooses to Relearn on this image?

A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.

What will be the effect if the security team chooses to Relearn on this image?
A . The model is deleted, and Defender will relearn for 24 hours.
B . The anomalies detected will automatically be added to the model.
C . The model is deleted and returns to the initial learning state.
D . The model is retained, and any new behavior observed during the new learning period will be added to the existing model.

View Answer

Answer: D

Explanation:

In Prisma Cloud, when anomalies are detected and the security team chooses to Relearn on a specific image, the existing behavioral model for that image is not deleted. Instead, the system retains the model and enters a new learning period, during which it observes the behavior of the container based on the image. If new behaviors are observed during this period, they are added to the existing model, thereby refining and updating the model to reflect the current operational profile of the container. This approach allows for dynamic adaptation to changes in container behavior while preserving the valuable insights and patterns already established in the model. The Relearn function is part of Prisma Cloud’s adaptive capabilities, enabling it to maintain accurate and up-to-date behavioral models that reflect the evolving nature of containerized applications.