You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?
You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?
Using the Hash Execution Search, one can determine which hosts have loaded or executed the specified SHA256 hashes. This is relevant because it helps in identifying the affected machines by looking up the hashes found in an intelligence report.
when you go to Hash Search you have a field Process Executions. I do not see anything related to Hosts. Answer is A
Answer is A, the hash is refer to the process and it will usually use for IOC management for the process. compare A and B, A is asking "process" and B us asking "hosts loaded it", but A is better answer because "process execution" is before "host" and one host can be load the same process more than once.
Answer is A, the hash is refer to the process and it will usually use for IOC management for the process. compare A and B, A is asking "process" and B us asking "hosts loaded it", but A is better answer because "process execution" is before "host" and one host can be load the same process more than once.
The correct answer is A
Is A, totally
Both A and B are correct. But A shows more practical use case for Hash search.
B is the answer. It even says on the page "Hosts that loaded/executed specified Hash"
I actually think this is A. There is a lot more related here for process execution than hosts in the UI.
Could also be the A
answer is B