What does pivoting to an Event Search from a detection do?
Pivoting to an Event Search from a detection takes you to the raw Insight event data and provides you with a number of Event Actions. This allows for a detailed investigation by accessing the basic event data and performing various event-specific actions to examine the detection further.
The answer is B. When you click on Full Detection data and then the 3 dots, you can pivot to Event Search, where you land on the raw data info and can select "Event Actions", of which there are a number to select. Going with B.
Answer: agree with B.
Agreed with sbag0024. The correct answer is 'B'. When investigating a detection, there will be a magnifying glass icon. Hovering and selecting 'Event Search' will open the Splunk equivalent search engine, exposing all of the raw data from the 'aid' and 'treeIdDecimal'.
right one is D
You're wrong. It's B.