3 Months Free Update
When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?
Which correlation search feature is used to throttle the creation of notable events?
After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?
“10.22.63.159”, “websvr4”, and “00:26:08:18:CF:1D” would be matched against what in ES?
When installing Enterprise Security, what should be done after installing the add-ons necessary for normalizing data?
A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives.
What is a solution for this issue?
An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?
What feature of Enterprise Security downloads threat intelligence data from a web server?
How does ES know local customer domain names so it can detect internal vs. external emails?
What is the maximum recommended volume of indexing per day, per indexer, for a non-cloud (on-prem) ES deployment?
Following the installation of ES, an admin configured users with the ess_user role with the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?
Which setting is used in indexes.conf to specify alternate locations for accelerated storage?
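The two indexes.conf questions above (tamper-evident indexed data, and alternate storage for accelerated data) both come down to per-index settings. The stanza below is an added illustration, not part of the original page: the index name, volume name and filesystem paths are made up for the example, and the settings shown are the standard Splunk ones.

```ini
# indexes.conf (added example; index, volume and paths are hypothetical)

# A volume lets accelerated storage live on a different device than the
# raw buckets; "fast_summary" and its path are assumptions for this example.
[volume:fast_summary]
path = /mnt/nvme/splunk_summaries
maxVolumeDataSizeMB = 500000

[es_web]
homePath   = $SPLUNK_DB/es_web/db
coldPath   = $SPLUNK_DB/es_web/colddb
thawedPath = $SPLUNK_DB/es_web/thaweddb

# Writes SHA-256 hashes of each journal slice alongside the bucket so that
# tampering with indexed data can later be detected with
# `splunk check-integrity -index es_web`.
enableDataIntegrityControl = true

# Alternate location for data model acceleration (tstats) summaries;
# referencing the volume above keeps them off the bucket storage.
tstatsHomePath = volume:fast_summary/es_web/datamodel_summary
```

Both settings take effect only on buckets created after the restart that applies them: existing buckets have no hash files and existing summaries stay where they were built until they are rebuilt.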
Which of the following ES features would a security analyst use while investigating a network anomaly notable?