What part of the Investigate module should you use when you want to write custom queries to analyze, explore, or hunt for suspicious or malicious activity in your environment?
Event Search is the component within the Investigate module that is designed specifically for writing custom queries. It allows users to analyze, explore, and hunt for suspicious or malicious activities by querying various security events and data, making it the most suitable option for this purpose.
D. Event Search. Only this answer is related to, or can be used for, writing custom queries to search.