To find events that are outliers inside a network, ___________ is the best hunting method to use.
Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?
Which of the following is a recommended technique to find unique outliers among a set of data in the Falcon Event Search?
Adversaries commonly execute discovery commands such as net.exe, ipconfig.exe, and whoami.exe. Rather than query for each of these commands individually, you would like to use a single query with all of them. What Splunk operator is needed to complete the following query? aid=my-aid event_simpleName=ProcessRollup2 (FileName=net.exe __________ FileName=ipconfig.exe _________ FileName=whoami.exe) | table ComputerName UserName FileName CommandLine
You would like to search for ANY process execution that used a file stored in the Recycle Bin on a Windows host. Select the option to complete the following EAM query. aid=my-aid ImageFileName=________ event_simpleName=ProcessRollup2
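The three query patterns behind the questions above (combining several FileName clauses in one search, surfacing rare outliers in a result set, and matching process executions by ImageFileName path) can be exercised offline. The following is an added example and not part of the original question set or CrowdStrike's own tooling: it runs equivalent filter and counting logic in Python over a handful of constructed ProcessRollup2-style events. The field names (aid, event_simpleName, ComputerName, UserName, FileName, ImageFileName, CommandLine) are taken from the queries in the questions; the sample events, the host and user names, the aid value and the assumption that the Recycle Bin folder appears in the path as $Recycle.Bin (the standard folder name on Windows Vista and later) are the example's own.

```python
"""Added example: Falcon Event Search style filtering and outlier logic
run over constructed ProcessRollup2 events. Not code from the original
question set; field names follow the queries quoted in the questions."""
from collections import Counter

# Constructed sample events. Field names match the ProcessRollup2 fields
# used in the quiz queries; hosts, users and paths are made up.
SAMPLE_EVENTS = [
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS01",
     "UserName": "alice", "FileName": "chrome.exe",
     "ImageFileName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe"},
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS01",
     "UserName": "alice", "FileName": "chrome.exe",
     "ImageFileName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer"},
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS02",
     "UserName": "bob", "FileName": "chrome.exe",
     "ImageFileName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe"},
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS01",
     "UserName": "alice", "FileName": "net.exe",
     "ImageFileName": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user /domain"},
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS02",
     "UserName": "bob", "FileName": "whoami.exe",
     "ImageFileName": r"C:\Windows\System32\whoami.exe",
     "CommandLine": "whoami /all"},
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS02",
     "UserName": "SYSTEM", "FileName": "svchost.exe",
     "ImageFileName": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS01",
     "UserName": "SYSTEM", "FileName": "svchost.exe",
     "ImageFileName": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    # Execution out of the Recycle Bin: rare binary, unusual path.
    {"aid": "my-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS03",
     "UserName": "carol", "FileName": "mal.exe",
     "ImageFileName": r"C:\$Recycle.Bin\S-1-5-21-1000\mal.exe",
     "CommandLine": "mal.exe -x"},
    # Different sensor (aid): must be excluded by the aid filter.
    {"aid": "other-aid", "event_simpleName": "ProcessRollup2", "ComputerName": "WS09",
     "UserName": "dave", "FileName": "ipconfig.exe",
     "ImageFileName": r"C:\Windows\System32\ipconfig.exe",
     "CommandLine": "ipconfig /all"},
    # Different event type: must be excluded by the event_simpleName filter.
    {"aid": "my-aid", "event_simpleName": "DnsRequest", "ComputerName": "WS01",
     "UserName": "alice", "FileName": "nslookup.exe",
     "ImageFileName": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": "nslookup corp.example"},
]

# Discovery binaries named in the question. Splunk matches field values
# case-insensitively, so comparisons below are lower-cased too.
DISCOVERY_COMMANDS = {"net.exe", "ipconfig.exe", "whoami.exe"}

# Assumption: the Recycle Bin folder shows up in ImageFileName as $Recycle.Bin.
RECYCLE_BIN_MARKER = "$recycle.bin"


def _in_scope(event, aid):
    """Shared prefix of every query: aid=<aid> event_simpleName=ProcessRollup2."""
    return event["aid"] == aid and event["event_simpleName"] == "ProcessRollup2"


def discovery_executions(events, aid="my-aid"):
    """One pass that matches any of the three FileName clauses at once and
    returns the same columns as '| table ComputerName UserName FileName CommandLine'."""
    return [
        (e["ComputerName"], e["UserName"], e["FileName"], e["CommandLine"])
        for e in events
        if _in_scope(e, aid) and e["FileName"].lower() in DISCOVERY_COMMANDS
    ]


def rare_filenames(events, aid="my-aid", max_count=1):
    """Outlier hunting: count executions per FileName and keep the ones seen
    at most max_count times (the logic behind a 'stats count by' / rare-style query)."""
    counts = Counter(e["FileName"].lower() for e in events if _in_scope(e, aid))
    return sorted(name for name, n in counts.items() if n <= max_count)


def recycle_bin_executions(events, aid="my-aid"):
    """Any process whose image path lies under the Recycle Bin folder."""
    return [
        e["ImageFileName"] for e in events
        if _in_scope(e, aid) and RECYCLE_BIN_MARKER in e["ImageFileName"].lower()
    ]


if __name__ == "__main__":
    for row in discovery_executions(SAMPLE_EVENTS):
        print("discovery:", row)
    print("rare:", rare_filenames(SAMPLE_EVENTS))
    print("recycle bin:", recycle_bin_executions(SAMPLE_EVENTS))
```

Two things the sample is built to show: the aid and event_simpleName prefix is what keeps the other-sensor ipconfig.exe event and the DnsRequest event out of every result, and a frequency count alone flags net.exe and whoami.exe as rare alongside mal.exe, so a rare-process list still needs the path and command-line context before it is treated as a finding.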
Which of the following is a suspicious process behavior?