What EDR feature provides endpoint activity recorder data for a file hash?

What EDR feature provides endpoint activity recorder data for a file hash?
A . Process Dump
B . Entity Dump
C . Hash Dump
D . Full Dump

View Answer

Answer: B

Explanation:

In Symantec Endpoint Detection and Response (EDR), the Entity Dump feature provides detailed activity recorder data related to a specific file hash. This data is essential for understanding the behavior and origin of a suspicious file, as well as tracking its activity across endpoints. Here’s how it works:

Hash-Based Search: The EDR solution allows the administrator to search by file hash, which helps retrieve a history of the file’s interactions and activities.

Entity Dump Retrieval: Selecting the Entity Dump option provides comprehensive data, including process execution, file modification, network connections, and other endpoint interactions related to the file.

Enhanced Threat Analysis: By analyzing this information, the administrator gains insights into how the threat may have propagated, aiding in containment and mitigation efforts.

The Entity Dump is thus a vital tool in forensic analysis, providing detailed endpoint activity data for specified file hashes.