3 Months Free Update
When you are analyzing an executable with a global prevalence of common but do not know what the executable is, what is the best course of action?
From the Detections page, how can you view 'in-progress' detections assigned to Falcon Analyst Alex?
How are processes on the same plane ordered (bottom 'VMTOOLSD.EXE' to top 'CMD.EXE')?
You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?
The Process Activity View provides a rows-and-columns style view of the events generated in a detection. Why might this be helpful?
From a detection, what is the fastest way to see children and sibling process information?
In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests, Registry Operations, and Network Operations?
Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?