You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?
The Bulk Domain Search tool contains Domain information along with which of the following?
Aside from a Process Timeline or Event Search, how do you export process event data from a detection in .CSV format?
How long are quarantined files stored on the host?
Which statement is TRUE regarding the "Bulk Domains" search?
The primary purpose for running a Hash Search is to:
What do IOA exclusions help you achieve?
How long are quarantined files stored in the CrowdStrike Cloud?
How does a DNSRequest event link to its responsible process?
Sensor Visibility Exclusion patterns are written in which syntax?
What happens when a hash is set to Always Block through IOC Management?
When reviewing a Host Timeline, which of the following filters is available?
What is an advantage of using the IP Search tool?
What action is used when you want to save a prevention hash for later use?
When examining raw event data, what is the purpose of the field called ParentProcessId_decimal?
A list of managed and unmanaged neighbors for an endpoint can be found:
What is the difference between Managed and Unmanaged Neighbors in the Falcon console?
Which of the following is NOT a filter available on the Detections page?