A. This isn't supported, you have to exit the dashboard and go into the Widget Library first to create it.
B. Click on "Save to Widget Library" in the dashboard and you will be prompted to give the query a name and description.
C. Click on "Save to Action Center" in the dashboard and you will be prompted to give the query a name and description.
D. Click the three dots on the widget and then choose "Save" and this will link the query to the Widget Library.
A. Dylib Hijacking
B. DDL Security
C. Hot Patch Protection
D. Kernel Integrity Monitor (KIM)
A. global exception profiles that apply to all endpoints
B. role-based profiles that apply to specific endpoints
C. agent exception profiles that apply to specific endpoints
D. exception profiles that apply to specific endpoints
A. Alerts that occur within a three-hour time frame are grouped together into one Incident.
B. Every alert creates a new Incident.
C. Only alerts with the same host are grouped together into one Incident in a given time frame.
D. Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.
A. Behavioral Threat Protection
B. Restriction Policy
C. Hash Verdict Determination
D. Child Process Protection
A. destination port
B. full path
C. App-ID
D. e-mail address
A. Manually star an alert.
B. Create an Incident-starring configuration.
C. Create an alert-starring configuration.
D. Manually star an Incident.
A. mark the incident as Unresolved
B. create an exception to prevent future false positives
C. mark the incident as Resolved - False Positive
D. create a BIOC rule excluding this behavior
A. threat_event
B. event_type
C. causality_chain
D. endpoint_name