You have found a hash-based indicator of compromise (IOC) in an intelligence report and want to determine if the program has run in your environment. Which search would provide all of the process’ executions over the timeframe specified?
While on the Statistics tab in Event Search you can click on results to perform a number of actions. If you select “Exclude from results”, what happens?
Event Search queries in Falcon are powered by which query language?
What is the purpose of the rename command in this query?
event_simpleName=ProcessRollup2 [search event_simpleName=ProcessRollup2 FileName=excel.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid ParentProcessId_decimal] | stats count by FileName CommandLine
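The subsearch in the query above returns each excel.exe process's own Falcon process ID (TargetProcessId_decimal) under the name ParentProcessId_decimal, paired with its aid, so the outer search only keeps processes whose parent is one of those excel.exe processes. The Python below is an added example, not code from the original page or from CrowdStrike; it emulates that subsearch-and-rename join in plain Python over constructed ProcessRollup2-style events (the sample events and command lines are made up), including the aid pairing that stops a same-numbered process ID on another host from matching.

```python
from collections import Counter

# Constructed sample events standing in for ProcessRollup2 records.
# Fields: aid (sensor id), TargetProcessId_decimal (this process's Falcon id),
# ParentProcessId_decimal (the Falcon id of its parent), FileName, CommandLine.
EVENTS = [
    {"aid": "host-a", "TargetProcessId_decimal": 1001, "ParentProcessId_decimal": 900,
     "FileName": "excel.exe", "CommandLine": "EXCEL.EXE invoice.xlsm"},
    {"aid": "host-a", "TargetProcessId_decimal": 1002, "ParentProcessId_decimal": 1001,
     "FileName": "cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"aid": "host-a", "TargetProcessId_decimal": 1003, "ParentProcessId_decimal": 1001,
     "FileName": "cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    # Sibling of excel.exe (same parent 900), not a child: must not match.
    {"aid": "host-a", "TargetProcessId_decimal": 1004, "ParentProcessId_decimal": 900,
     "FileName": "notepad.exe", "CommandLine": "notepad.exe notes.txt"},
    # Same parent id number 1001, but on a different aid: must not match.
    {"aid": "host-b", "TargetProcessId_decimal": 2001, "ParentProcessId_decimal": 1001,
     "FileName": "powershell.exe", "CommandLine": "powershell.exe -nop"},
    {"aid": "host-b", "TargetProcessId_decimal": 2002, "ParentProcessId_decimal": 2000,
     "FileName": "excel.exe", "CommandLine": "EXCEL.EXE budget.xlsx"},
    {"aid": "host-b", "TargetProcessId_decimal": 2003, "ParentProcessId_decimal": 2002,
     "FileName": "mshta.exe", "CommandLine": "mshta.exe payload.hta"},
]


def subsearch_parent_keys(events, filename="excel.exe"):
    """Emulates the bracketed subsearch.

    `FileName=excel.exe` selects the parent processes; `rename
    TargetProcessId_decimal AS ParentProcessId_decimal` relabels each one's
    own id so it can be matched against children; `fields aid
    ParentProcessId_decimal` keeps only the pair that is handed back to the
    outer search as an (aid AND ParentProcessId_decimal) term.
    """
    return {
        (e["aid"], e["TargetProcessId_decimal"])
        for e in events
        if e["FileName"].lower() == filename.lower()
    }


def children_of(events, filename="excel.exe"):
    """Outer search: events whose (aid, ParentProcessId_decimal) is one of
    the pairs produced by the subsearch, i.e. direct children of the parent."""
    keys = subsearch_parent_keys(events, filename)
    return [e for e in events if (e["aid"], e["ParentProcessId_decimal"]) in keys]


def stats_count_by_filename_commandline(events, filename="excel.exe"):
    """Emulates `stats count by FileName CommandLine` over the matched children."""
    return Counter((e["FileName"], e["CommandLine"]) for e in children_of(events, filename))


if __name__ == "__main__":
    for (file_name, command_line), count in sorted(
        stats_count_by_filename_commandline(EVENTS).items()
    ):
        print(f"{count:>3}  {file_name:<16} {command_line}")
```

Without the rename, the subsearch would hand back `TargetProcessId_decimal=<id>` terms and the outer search would simply find the excel.exe processes again; the rename is what turns "excel.exe's own ID" into "a child's parent ID". Note also that the emulation matches on the aid and the process ID together, as the subsearch's `fields aid ParentProcessId_decimal` does, since Falcon process IDs are only meaningful within one sensor.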
Which event field contains the Falcon generated ID for a process?
You initiate a search with the following query:
event_simpleName=UserLogon | table _time ComputerName UserName
What results will display?