The correct is letter D, because the query has the fields "_time", "ComputerName" and "UserName". And the field "_time" means timestamp of the moment that the event was received by the Crowdstrike cloud ont Event Data Dictionary document. You can run the query "event_simpleName=UserLogon | table _time ComputerName UserName" on event search and see the results.
B. Human-readable event host time, host name, user name
Falcon Documentation > Event Investigation > Events > About Events
_time
Timestamp of the moment that the event was received by the CrowdStrike cloud. This is not to be confused with the time the event was generated locally on the system. This is the timestamp of the event from the cloud's point of view. This value can be converted to any time format and can be used for calculations.
"10/19/2017 18:10:29.396"
Correct answer is A : Machine-readable event host time, host name, user name
Reference : _time : The host's local time in epoch format."1538648887.051"
https://falcon.crowdstrike.com/documentation/page/e3ce0b24/events-data-dictionary
event host time” and “event cloud time” are two different timestamps that are used to track when an event occurred on the host and when it was ingested into the cloud-based logging service, respectively
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
joal23
Highly Voted 1 year, 1 month agoalanalanalan
Most Recent 3 months, 3 weeks agoTech_Amit
7 months, 1 week agokangaru
10 months, 1 week agogr23
10 months, 2 weeks agoAcrby
11 months, 2 weeks agoexamtopics3000
1 year, 3 months agoexamtopics3000
1 year, 3 months ago