To perform a deep-dive investigation into a specific detection, a responder needs to pivot to a process timeline. What is the minimum information required to be gathered from the detection before making this pivot?
A. The External IP and the Username of the logged-in user.
B. The Agent ID (AID) and the Target Process ID (TargetProcessId_decimal).
C. The MAC Address of the host and the SHA256 hash of the file.
D. The Policy ID and the timestamp of the first event.