After pivoting to an event search from a detection, you locate the ProcessRollup2 event. Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?
To perform a Process Timeline search, you need to know the specific agent identifier, which is the 'aid' field, and the identifier of the process being targeted, which is the 'TargetProcessId_decimal' field. These two pieces of information are crucial to accurately trace and investigate what actions the process was performing.
Correct answer is A.
The correct answer is D. You need AID and Target ProcessID. You can also use Parent Process ID, but it's not needed, as it's filled in with an (*).