Learn how pivoting to an Event Search from a detection’s details in CrowdStrike allows analysts to view related event data in a +/-10 minute window and access Event Actions.
Question
When looking at a detection’s details, you can pivot to an Event Search. What is the purpose of this Event Search?
A. It takes you to the event data related to the detection and provides you with a number of Event Actions
B. It provides a chronological list of all the event data for the host
C. It allows the analyst to view the full detection details
D. It takes you to the Event Search and shows a +/-10-minute window of events
Answer
D. It takes you to the Event Search and shows a +/-10-minute window of events
Explanation
When viewing the details of a detection in CrowdStrike, analysts can pivot directly to an Event Search. The purpose of this pivot is to show the event data from the host in a +/-10-minute window around the detection: from 10 minutes before the detection time to 10 minutes after it (20 minutes in total).
This focused +/-10-minute view lets the analyst efficiently review the event data that gives context for what happened on the host immediately before, during, and after the detection was triggered. From the Event Search, the analyst also has a number of Event Actions available to investigate the events further, contain the threat, and remediate.
In summary, pivoting to an Event Search from a detection gives the analyst quick access to the most pertinent event data in a targeted window of time, together with the Event Search capabilities needed to respond to the incident. Option A mentions Event Actions, which are indeed available, but it omits the defining characteristic of the pivot, the time-bounded window; options B and C describe a full host timeline and the detection details themselves rather than the Event Search pivot. Option D is therefore the best answer.
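As an added illustration (not part of the original question and not CrowdStrike's own code), the Python below reproduces what the pivot does over a set of exported event records: it computes the +/-10-minute bounds from the detection timestamp and keeps only that host's events that fall inside them, in chronological order. The sample events, the field names (aid, timestamp, event, image) and the helper names are constructed assumptions for this example, not real Falcon telemetry.

```python
from datetime import datetime, timedelta, timezone

# Width of the pivot window on each side of the detection time, as described above.
WINDOW = timedelta(minutes=10)


def parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2024-03-01T12:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def pivot_window(detection_ts: str, window: timedelta = WINDOW):
    """Return the (earliest, latest) bounds of the +/-window around a detection."""
    t = parse_ts(detection_ts)
    return t - window, t + window


def events_in_pivot(events, detection_ts, host_id, window=WINDOW):
    """Select events for host_id inside the +/-window, sorted chronologically.

    Events from other hosts and events outside the window are dropped; the
    window bounds are inclusive, so an event exactly 10 minutes away is kept.
    """
    earliest, latest = pivot_window(detection_ts, window)
    selected = [
        e for e in events
        if e["aid"] == host_id and earliest <= parse_ts(e["timestamp"]) <= latest
    ]
    return sorted(selected, key=lambda e: parse_ts(e["timestamp"]))


# Constructed sample events for this example (assumed field names, not real telemetry).
SAMPLE_EVENTS = [
    {"timestamp": "2024-03-01T11:49:59Z", "aid": "host-A", "event": "ProcessRollup2", "image": "explorer.exe"},
    {"timestamp": "2024-03-01T11:50:00Z", "aid": "host-A", "event": "ProcessRollup2", "image": "winword.exe"},
    {"timestamp": "2024-03-01T11:58:30Z", "aid": "host-A", "event": "ProcessRollup2", "image": "powershell.exe"},
    {"timestamp": "2024-03-01T12:00:00Z", "aid": "host-A", "event": "DetectionSummary", "image": "powershell.exe"},
    {"timestamp": "2024-03-01T12:03:10Z", "aid": "host-A", "event": "DnsRequest", "image": "powershell.exe"},
    {"timestamp": "2024-03-01T12:03:11Z", "aid": "host-B", "event": "DnsRequest", "image": "chrome.exe"},
    {"timestamp": "2024-03-01T12:10:00Z", "aid": "host-A", "event": "ProcessRollup2", "image": "cmd.exe"},
    {"timestamp": "2024-03-01T12:10:01Z", "aid": "host-A", "event": "ProcessRollup2", "image": "notepad.exe"},
]

# Assumed detection time for host-A.
DETECTION_TS = "2024-03-01T12:00:00Z"

if __name__ == "__main__":
    for e in events_in_pivot(SAMPLE_EVENTS, DETECTION_TS, "host-A"):
        print(e["timestamp"], e["event"], e["image"])
```

Run as written, the script keeps five of the eight sample events: the explorer.exe and notepad.exe events fall one second outside the window and the host-B event belongs to a different host, which is exactly the narrowing the pivot performs so the analyst sees only what surrounds the detection.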
CrowdStrike CCFH-202 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free and helpful for passing the CrowdStrike CCFH-202 exam and earning the CrowdStrike CCFH-202 certification.