Which query can the analyst use as a working sample?

An analyst needs to find all events that are creating offenses that are triggered by rules that contain the word suspicious in the rule name.

Which query can the analyst use as a working sample?
A . SELECT LOGSOURCENAME(logsourceid), * from events where RULENAME(creeventlist) ILIKE '%suspicious%'
B . SELECT LOGGEDOFFENSE(logsourceid), * from offense_events where RULENAME(creeventlist) ILIKE '%suspicious%'
C . SELECT LOGSOURCETYPE(logsourceid), * from log_events where RULENAME(creeventlist) ILIKE '%suspicious%'
D . SELECT LOGSOURCERULES(logsourceid), * from rule_events where RULENAME(creeventlist) ILIKE '%suspicious%'

Answer: A

Option A is the only query that reads from the Ariel `events` database, which together with `flows` is one of the two tables AQL can query; `offense_events`, `log_events` and `rule_events` are not Ariel tables. `RULENAME(creeventlist)` expands the rule IDs stored in the event's custom rule engine (CRE) event list into rule names, and `ILIKE '%suspicious%'` performs a case-insensitive substring match against them.
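Below is an added example, not part of the original page, that takes the working sample from option A and turns it into a query an analyst could paste into the QRadar AQL search box: it selects a few named columns instead of `*`, bounds the result set, and restricts the time window. It assumes the `events` table, the `LOGSOURCENAME()`, `RULENAME()`, `QIDNAME()` and `DATEFORMAT()` functions, and the trailing `LAST n HOURS` clause behave as documented for IBM QRadar AQL; column names such as `sourceip` and `destinationip` are standard event fields but should be checked against your deployment.

```sql
-- Added example (not the page's own query): option A with a time window,
-- a row limit and explicit columns. Assumed AQL functions and fields are
-- named in the lead-in above.
SELECT
    DATEFORMAT(starttime, 'yyyy-MM-dd HH:mm:ss') AS event_time,
    LOGSOURCENAME(logsourceid)                   AS log_source,
    QIDNAME(qid)                                 AS event_name,
    RULENAME(creEventList)                       AS triggered_rules,
    sourceip,
    destinationip
FROM events
WHERE RULENAME(creEventList) ILIKE '%suspicious%'   -- case-insensitive, '%' is the wildcard
ORDER BY starttime DESC
LIMIT 100
LAST 24 HOURS
```

`creEventList` is populated only for events that at least one CRE rule matched, so events with no rule hit return an empty list from `RULENAME()` and never satisfy the `ILIKE` filter. Note that a rule firing is not the same as an offense being created: if you need only events that actually contributed to an offense, adding a condition on the event's offense flag (`hasoffense`, which I have not verified against a live system and treat here as an assumption) narrows the result further.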
