What best describes what happens to detections in the console after clicking "Enable Detections" for a host which previously had its detections disabled?
What best describes what happens to detections in the console after clicking "Enable Detections" for a host which previously had its detections disabled?
Answer is B. When selecting the "enable detections" button in the host management section, the message says: "You are about to enable detections for HOSTNAME. By doing so, detections will resume for this host and will start appearing in the Falcon Host UI. As a reminder, any detections that existed prior to disabling detections will be restored to the UI. Are you sure you want to enable detections for HOSTNAME?"
Test en Falcon console, at the moment that you are going to disable the detections the console advice to this action.
C
C. New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host This ensures that the host resumes normal detection reporting from the point detections are re-enabled, without retroactively adding past events that occurred during the disabled period.
when you enable detections again, the previously hidden detections will be restored and become visible in the Falcon Host UI. So, the detections are not lost, and the system does indeed restore that data to the UI once you enable detections again for the host.