Sensor Visibility Exclusion patterns are written in which syntax?
Sensor Visibility Exclusion patterns are written in which syntax?
Sensor Visibility Exclusion patterns are written in Glob Syntax. This type of syntax is used for matching file names and directory structures in a flexible way, allowing for the use of wildcards to account for variations across multiple hosts and environments. Features that support globs include prevention policy exclusions, file integrity monitoring rules, and firewall wildcard rules.
Checked on UI
Correct is A Correction: IOA = Regex Sensor Visibility = Glob Syntax
Answer A, A. Glob Syntax Globs in the Falcon console Glob wildcards offer flexibility when file names and directory structures vary across multiple hosts. For example, wildcards can match partial file names or match file names regardless of what directory they’re in. Features that support globs: Prevention policy exclusions. For more info, see Understanding prevention policy exclusions. Falcon FileVantage file integrity monitoring rules and scheduled exclusions. For more info, see Falcon FileVantage. Falcon Firewall wildcard IFN rules. For more info, see Manage your firewall rules and rule groups. Falcon USB Device Control serial numbers used to create prevention policy exceptions. For more info, see USB Device Control. Reference : In 2024, the Advanced event search will use the CrowdStrike Query Language (CQL).
checked in docs
You’re on a mission!! Lmfaooo
It's A
The correct answer for Sensor Visibility Exclusion patterns in Crowdstrike is: C. RegEx (Regular Expressions) https://www.crowdstrike.com/blog/tech-center/custom-ioas/
Answer A, A. Glob Syntax Globs in the Falcon console Glob wildcards offer flexibility when file names and directory structures vary across multiple hosts. For example, wildcards can match partial file names or match file names regardless of what directory they’re in. Features that support globs: Prevention policy exclusions. For more info, see Understanding prevention policy exclusions. Falcon FileVantage file integrity monitoring rules and scheduled exclusions. For more info, see Falcon FileVantage. Falcon Firewall wildcard IFN rules. For more info, see Manage your firewall rules and rule groups. Falcon USB Device Control serial numbers used to create prevention policy exceptions. For more info, see USB Device Control. Reference : In 2024, the Advanced event search will use the CrowdStrike Query Language (CQL).
View Link - Olha essa dica: https://www.examtopics.com/discussions/crowdstrike/view/96918-exam-ccfa-topic-1-question-51-discussion/
You gave couple different answers, you commented A and C, then now you just post a link, but not directly related. So what is the correct answer? That question is : Custom IOA rules are defined using which syntax? Don't waste your time, dude.