Investigate App Flashcards

Question 1

Q

Search by Host Name or Agent ID

Answer

A

Host Search

Question 2

Q

Recommended range is 3 days

Answer

A

Host Search

Question 3

Q

Local IP

Answer

A

Host Info

Question 4

Q

Product Type

Answer

A

Host Info

Question 5

Q

Model

Answer

A

Host Info

Question 6

Q

File Name

Answer

A

Detect History

Question 7

Q

Scenario

Answer

A

Detect History

Question 8

Q

Description of the detection

Answer

A

Detect History

Question 9

Q

Logon Activities (30 days)

Answer

A

User Search

Question 10

Q

Detect History (30 days)

Answer

A

User Search (also Hash Search)

Question 11

Q

Unresolved Detects (7 days)

Answer

A

User Search (also Hash Search)

Question 12

Q

Process Executions

Answer

A

User Search (also Hash Search)

Question 13

Q

Admin Tool Usage

Answer

A

User Search

Question 14

Q

Files written such as JAR, OLE, OOXML, PDF, RAR, RTF, ZIP and dumps

Answer

A

User Search

Question 15

Q

Search for multiple space-delimited hashes

Answer

A

Hash Execution Search

Question 16

Q

Provides a summary of files that have been loaded or executed and the number of times those actions have occurred.

Answer

A

Hash Execution Search

Question 17

Q

Search by hash across all OSs

Answer

A

Hash Search

Question 18

Q

search by hash for exe and DLLs, not PDF or Doc

Answer

A

Hash Search

Question 19

Q

Hash written history for sha 256 only

Answer

A

Hash Search

Question 20

Q

Module Load History

Answer

A

Hash Search

Question 21

Q

Process Execution History

Answer

A

Hash Search (also User Search)

Question 22

Q

Detect history (14 days)

Answer

A

Hash Search (also User Search)

Question 23

Q

Unresolved detects (7 days)

Answer

A

Hash Search (also User Search)

Question 24

Q

search for host info by Source IP, Destination IP or External IP

Answer

A

IP Search

Question 25

Q

Search by 192.* OR CIDR

Answer

A

IP Search

Question 26

Q

search for detect and process execution history involving a domain or list of domains

Answer

A

Bulk Domain Search

Question 27

Q

allows you to use * goo* and search up to 100 domains at a time

Answer

A

Bulk Domain Search

Question 28

Q

Includes reports and searches to view data collected from endpoints, uses splunk query language

Answer

A

Event Search

Brainscape's Knowledge GenomeTM

Investigate App Flashcards

Brainscape's Knowledge Genome^TM