A network anomaly notable is a type of notable event that indicates a possible network attack or misconfiguration. It is generated by the Network - Anomaly Detection - Rule correlation search, which uses the Splunk Stream app to monitor network traffic and detect anomalies based on predefined thresholds. A security analyst who is investigating a network anomaly notable would use the Protocol intelligence dashboard to gain more insight into the network activity and protocols involved in the anomaly.

The Protocol intelligence dashboard provides a summary of network traffic by protocol, such as TCP, UDP, ICMP, and others. It also shows the top sources, destinations, ports, and applications for each protocol. The dashboard allows the analyst to filter the data by time range, protocol, source, destination, port, and application. The dashboard also provides drilldown links to other dashboards, such as the Network Resolution dashboard and the Traffic Size Analysis dashboard, for further analysis.

Therefore, the correct answer is D. Protocol intelligence dashboard.

References:
Network - Anomaly Detection - Rule
Protocol intelligence dashboard
Splunk Stream app