Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?
Both “Recommended Actions” and “Adaptive Response Actions” use adaptive response. How do they differ?
What feature of Enterprise Security downloads threat intelligence data from a web server?
How is notable event urgency calculated?
What do threat gen searches produce?
What does the risk framework add to an object (user, server or other type) to indicate increased risk?
Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?
A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives.
What is a solution for this issue?
Where is detailed information about identities stored?
Which tool Is used to update indexers In E5?
Which component normalizes events?
What is the main purpose of the Dashboard Requirements Matrix document?
An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?
Which of the following are data models used by ES? (Choose all that apply)
Which column in the Asset or Identity list is combined with event security to make a notable event’s urgency?
Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?
Which data model populated the panels on the Risk Analysis dashboard?
An administrator is provisioning one search head prior to installing ES. What are the reference minimum requirements for OS, CPU, and RAM for that machine?
Which feature contains scenarios that are useful during ES Implementation?
Where should an ES search head be installed?
At what point in the ES installation process should Splunk_TA_ForIndexes.spl be deployed to the indexers?
What is the default schedule for accelerating ES Datamodels?
Which of the following steps will make the Threat Activity dashboard the default landing page in ES?
Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.
How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?