[&] Which aspect of TheHive platform aids in handling observables like IOCs?
- Case Management
- Cortex Integration -- Correct
- Task Assignment
- Alert Ingestion

[&] What is a key benefit of using an incident management platform like TheHive?
- It serves as a central hub for managing and coordinating responses to incidents -- Correct
- It only allows for case management without tracking or collaboration features
- It eliminates the need for SOC analysts
- It automatically prevents all security incidents from occurring

[&] In the context of TheHive, what is an 'observable'?
- A report generated for compliance purposes
- A security alert from a SIEM
- An indicator that can be analyzed or enriched -- Correct
- A task to be completed during an investigation

[&] What does the TLP classification system in TheHive indicate?
- The priority level of the incident case
- The timeframe required for resolving an incident
- The specific tasks an analyst must perform
- The sensitivity of information and how it can be shared -- Correct

[&] What is a key feature of Cortex when integrated with TheHive?
- It provides a virtual assistant for the SOC team
- It automates the enrichment of IOCs within the Hive -- Correct
- It restricts collaboration between incident responders
- It serves as a backup database for all incident cases