Which settings indicate that the correlation search will run as new events are indexed?

The correct choice indicates that the correlation search runs as new events are indexed is "Scheduled." This type of setting is designed to assess incoming data continuously or at specific intervals, depending on how it is configured. When a correlation search is set to run in a scheduled manner, it can be set up to execute as data arrives, allowing it to identify relevant patterns or incidents based on the very latest information available.

While the other options reflect different operational modes of correlation searches, they do not specifically imply real-time assessment as data gets indexed. "Always-On" relates to searches that are always active, but not necessarily tied to the immediate indexing of events. "Real-Time" searches focus on immediate data analysis but usually involve continuous processing rather than being triggered by the indexing of new events. "Continuous" generally suggests a search that runs non-stop but lacks the typical contextual tie to correlations based on event indexing that a scheduled search does.

Thus, "Scheduled" is the appropriate setting when referring to correlation searches that actively run as new events are indexed, demonstrating an ongoing evaluation of incoming data streams.