An analyst is investigating an alert within Enterprise EDR. The alert is tied to an unusual process name. When navigating to the binary details page for the binary used in the alert, the analyst sees the following:
The analyst wants to find any instances of this process executing regardless of the process name used.
Which two details from the binary can be used to search for the application regardless of the seen name? (Choose two.)
Which strategy should be used to purge inactive bans from the web console?
An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
There is a need to ignore all activity at an application path.
Which rule definition should be used to address this need?
App Control System Health email alerts for excessive agent backlog are occurring hourly. This is overwhelming the analysts, and they would like to reduce the notifications.
How can the analyst reduce the unneeded alerts?