Multiple Choice
How is it possible to navigate to the list of currently-enabled ES correlation searches?
A) Configure -> Correlation Searches -> Select Status "Enabled"
B) Settings -> Searches, Reports, and Alerts -> Filter by Name of "Correlation"
C) Configure -> Content Management -> Select Type "Correlation" and Status "Enabled"
D) Settings -> Searches, Reports, and Alerts -> Select App of "SplunkEnterpriseSecuritySuite" and filter by "-Rule"
Correct Answer:
Verified
Correct Answer:
Verified
Q62: Which of the following threat intelligence types
Q63: The Remote Access panel within the User
Q64: Which of the following is a recommended
Q65: What is the maximum recommended volume of
Q66: Who can delete an investigation?<br>A) ess_admin users
Q67: Which component normalizes events?<br>A) SA-CIM.<br>B) SA-Notable.<br>C) ES
Q68: What is the first step when preparing
Q69: When creating custom correlation searches, what format
Q71: An administrator is asked to configure an
Q72: Where is the Add-On Builder available from?<br>A)