Which of the following is TRUE about a Hash Search?
Which of the following is TRUE about a Hash Search?
Wildcard searches are not permitted with the Hash Search. Hash Search typically involves searching for specific file hashes, indicating that wildcard or partial searches are not feasible or permitted. This ensures precise identification of specific files based on their unique hash values.
The Hash Search is available on Linux, as well as Windows and Mac OS X. The Hash Search is an Investigate tool that allows you to search for a file hash and view its process execution history across all hosts in your environment.
B. Shows process history and load history so it's not D. It's not A as Wildcard searches are not recommended due to being error prone, but can be done. It's not C as Hash search is in Falcon and runs against all sensors, Mac/Win/Linux and is not just for Linux.