Which of the following is an example of a Falcon threat hunting lead?

A. A routine threat hunt query showing process executions of single-letter filenames (e.g., a.exe) from temporary directories
B. Security appliance logs showing potentially bad traffic to an unknown external IP address
C. A help desk ticket for a user clicking on a link in an email causing their machine to become unresponsive and have high CPU usage
D. An external report describing a unique 5 character file extension for ransomware encrypted files

Answer: A

Explanation:

A Falcon threat hunting lead is a starting point for a hunt that comes out of Falcon's own telemetry and tooling, typically a routine or scheduled query over Falcon event data whose results warrant follow-up. Option A fits that definition: a routine hunt query surfacing process executions of single-letter filenames (e.g., a.exe) from temporary directories is produced from Falcon data, and each hit can be pivoted on directly in the platform (the host, the process tree, the command line, and whether the same file appears elsewhere in the environment). Such a hit is a lead rather than a confirmed detection; single-letter executables in temp directories are a common dropper and staging pattern, but a hunter still has to rule out legitimate tooling before escalating. Options B, C and D are leads of a different kind: security appliance logs, help desk tickets and external threat reports originate outside Falcon. They can still justify a hunt, but the hunter first has to translate them into something searchable in Falcon data (an external IP, a described behaviour, a file extension), so they are not Falcon-derived leads.

Reference: https://www.crowdstrike.com/blog/tech-center/threat-hunting-leads-in-crowdstrike-falcon/
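To make the lead in option A concrete, the following is an added example (not from the page, and not CrowdStrike's own query language or code) that runs the same hunt logic over a few constructed process-execution records. The field names (ComputerName, FileName, FilePath, CommandLine) and the list of temporary-directory patterns are assumptions chosen to resemble a generic process-creation event; in a real hunt the matching would be expressed as a query over Falcon process events and the hits reviewed per host.

```python
import re

# Constructed sample process-execution records (not real Falcon telemetry).
# Field names are assumptions modelled on a generic process-creation event.
SAMPLE_EVENTS = [
    {"ComputerName": "WS01", "FileName": "a.exe",
     "FilePath": r"C:\Users\jdoe\AppData\Local\Temp", "CommandLine": "a.exe -s"},
    {"ComputerName": "WS01", "FileName": "chrome.exe",
     "FilePath": r"C:\Program Files\Google\Chrome\Application", "CommandLine": "chrome.exe"},
    {"ComputerName": "SRV02", "FileName": "x.exe",
     "FilePath": r"C:\Windows\Temp", "CommandLine": "x.exe /q"},
    # Mixed case and forward slashes: the hunt must normalise before matching.
    {"ComputerName": "WS03", "FileName": "b.EXE",
     "FilePath": "c:/windows/temp", "CommandLine": "B.EXE"},
    # Two-letter name: not a hit for this lead.
    {"ComputerName": "WS04", "FileName": "ab.exe",
     "FilePath": r"C:\Users\Public", "CommandLine": "ab.exe"},
    # Single letter but not in a temp directory: not a hit for this lead.
    {"ComputerName": "WS05", "FileName": "q.exe",
     "FilePath": r"C:\Users\jdoe\Documents", "CommandLine": "q.exe"},
]

# Single letter followed by .exe, case-insensitive (a.exe, B.EXE, ...).
SINGLE_LETTER_EXE = re.compile(r"^[a-z]\.exe$", re.IGNORECASE)

# Temporary-directory patterns (assumption: a reasonable starting list, not exhaustive).
# Each is matched against a normalised path that ends with a backslash.
TEMP_DIR_PATTERNS = [
    re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE),  # per-user %TEMP%
    re.compile(r"\\windows\\temp\\", re.IGNORECASE),         # system temp
    re.compile(r"^[a-z]:\\temp\\", re.IGNORECASE),           # drive-root Temp
]


def normalise_path(path: str) -> str:
    """Convert forward slashes to backslashes and ensure a trailing separator."""
    normalised = path.replace("/", "\\")
    if not normalised.endswith("\\"):
        normalised += "\\"
    return normalised


def is_single_letter_exe(name: str) -> bool:
    return SINGLE_LETTER_EXE.match(name) is not None


def is_temp_dir(path: str) -> bool:
    normalised = normalise_path(path)
    return any(p.search(normalised) for p in TEMP_DIR_PATTERNS)


def hunt_single_letter_temp_execs(events):
    """Return the events matching the lead: single-letter .exe run from a temp directory."""
    return [
        ev for ev in events
        if is_single_letter_exe(ev.get("FileName", "")) and is_temp_dir(ev.get("FilePath", ""))
    ]


def summarize_by_host(hits):
    """Count hits per host; one hit on one host may be a tool, the same name on many hosts looks like a campaign."""
    counts = {}
    for hit in hits:
        counts[hit["ComputerName"]] = counts.get(hit["ComputerName"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = hunt_single_letter_temp_execs(SAMPLE_EVENTS)
    for hit in hits:
        print(f"{hit['ComputerName']}: {normalise_path(hit['FilePath'])}{hit['FileName']}"
              f"  cmd={hit['CommandLine']}")
    print("per host:", summarize_by_host(hits))
```

Each printed hit is the point where the hunt starts rather than ends: the next step is to pivot on the host and process in Falcon data (parent process, command line, network activity, the same file on other hosts) to decide whether the execution is benign tooling or something to escalate.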

Latest CCFH-202 Dumps Valid Version with 60 Q&As