Learn what occurs when clicking “Exclude from results” on the Statistics tab in CrowdStrike’s Event Search. Understand how search results are updated based on field value pairs.
Question
While on the Statistics tab in Event Search you can click on results to perform a number of actions.
If you select “Exclude from results” what happens?
A. It will update the Search to remove that field name from results
B. It will update the Search to remove results matching on the field value pair
C. There is no "Exclude from results" option
D. It will update the Search to remove results matching the value
Answer
B. When you select “Exclude from results” on the Statistics tab in CrowdStrike’s Event Search, it will update the search to remove results that match the specific field value pair you selected.
Explanation
The Statistics tab in CrowdStrike’s Event Search provides a summary of the most common values for various fields in the current search results. Next to each value, there are options to either drill down into those specific results or exclude them.
If you click “Exclude from results” for a particular field value pair, the Event Search will be automatically updated to filter out any results that match that exact field and value combination. This allows you to quickly refine your search to eliminate irrelevant results.
For example, let’s say your search returns 1000 results, and in the Statistics tab you see that 300 of them have a device_os_version field value of “Windows 10”. If you select “Exclude from results” next to “Windows 10”, your search will refresh and now return only the 700 results that have a different value for device_os_version (or have no value at all for that field).
So in summary, “Exclude from results” removes all results matching the specific field value pair, rather than removing either the field name itself (option A) or just the raw value without regard to the field name (option D). And this functionality definitely exists, so option C is incorrect.
This question and answer is from a CrowdStrike CCFH-202 certification exam practice set, provided free with a detailed explanation and reference to help candidates prepare for the CCFH-202 exam.