After pivoting to an event search from a detection, you locate the ProcessRollup2 event.
Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?
A. SHA256 and TargetProcessId_decimal
B. SHA256 and ParentProcessId_decimal
C. aid and ParentProcessId_decimal
D. aid and TargetProcessId_decimal
Answer: D
Explanation:
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline search requires two parameters: aid (the agent ID of the host) and TargetProcessId_decimal (the decimal value of the process ID). Both values can be read from the ProcessRollup2 event, which records information about processes that have executed on a host.