What is the difference between a Host Search and a Host Timeline?
A. Host Search is used for detection investigation and Host Timeline is used for proactive hunting
B. A Host Search organizes the data in useful event categories like process executions and network connections; a Host Timeline provides an uncategorized view of recorded events in chronological order
C. You access a Host Search from a detection to show you every recorded process event related to the detection and you can only populate the Host Timeline fields manually
D. There is no difference. You just get to them different ways

Answer: B
B. A Host Search organizes the data in useful event categories like process executions and network connections; a Host Timeline provides an uncategorized view of recorded events in chronological order
A Host Search allows you to organize and filter data based on specific event categories, making it easier to investigate and identify specific events related to your search criteria.
A Host Timeline provides a chronological view of recorded events without categorization, allowing you to see all events in the order they occurred, which can be useful for understanding the sequence of activities on a host.