What is the difference between a Host Search and a Host Timeline?

A. Results from a Host Search return information in an organized view by type, while a Host Timeline returns a view of all events recorded by the sensor
B. A Host Timeline only includes process execution events and user account activity
C. Results from a Host Timeline include process executions and related events organized by data type. A Host Search returns a temporal view of all events for the given host
D. There is no difference – Host Search and Host Timeline are different names for the same search page

Answer: A

Explanation:

According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Host Search allows you to search for hosts based on various criteria, such as hostname, IP address, OS, etc. The results are displayed in an organized view by type, such as detections, incidents, processes, network connections, etc. The Host Timeline allows you to view all events recorded by the sensor for a given host in chronological order. The events include process executions, file writes, registry modifications, network connections, user logins, etc.
