Falcon Identity Protection integrates directly with Threat Hunter to enable deeper investigation of identity-based activity. According to the CCIS curriculum, selecting Search for involved entities in Threat Hunter allows analysts to pivot from an identity-based detection into Threat Hunter while preserving identity context.
This pivot enables analysts to examine related users, service accounts, endpoints, and authentication behavior using advanced queries and timelines. Importantly, this action maintains the identity-centric investigation flow, bridging detections with broader hunting capabilities.
The other options do not perform this specific pivot:
Investigating users or endpoints remains within entity views.
Searching for events in Threat Hunter does not preserve entity context.
Because Search for involved entities in Threat Hunter is the correct pivot action, Option B is the verified answer.