In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests, Registry Operations, and Network Operations?
- The data is unable to be exported
- View as Process Tree
- View as Process Timeline
- View as Process Activity
Answer(s): D
Explanation:
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Full Detection Details tool allows you to view detailed information about a detection, such as detection ID, severity, tactic, technique, description, etc. You can also view the events generated by the processes involved in the detection in different ways, such as process tree, process timeline, or process activity. The process activity view provides a rows-and-columns style view of the events, such as DNS requests, registry operations, network operations, etc. You can also export this view to a CSV file for further analysis.