What best describes what happens to detections in the console after clicking "Enable Detections" for a host which previously had its detections disabled?
A.
Enables custom detections for the host
B.
New detections will start appearing in the console, and all retroactive stored detections will be restored to the console for that host
C.
New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host
Answer is B.
When selecting the "enable detections" button in the host management section, the message says:
"You are about to enable detections for HOSTNAME. By doing so, detections will resume for this host and will start appearing in the Falcon Host UI. As a reminder, any detections that existed prior to disabling detections will be restored to the UI.
Are you sure you want to enable detections for HOSTNAME?"
C. New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host
This ensures that the host resumes normal detection reporting from the point detections are re-enabled, without retroactively adding past events that occurred during the disabled period.
Test en Falcon console, at the moment that you are going to disable the detections the console advice to this action.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
evilCorpBot7494
4 days, 2 hours agokitkat007
1 month ago6c86de0
3 months agojavier199255
4 months, 1 week ago