John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints. Which of following Splunk query will help him to fetch related logs associated with process creation?

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints. Which of following Splunk query will help him to fetch related logs associated with process creation?

Post author:Admin 1
Post published:August 1, 2021
Post category:Uncategorized
Post comments:0 Comments
Post last modified:August 1, 2021

Last Updated on August 1, 2021 by Admin 1

312-39 : All Parts

312-39 : Certified SOC Analyst : All Parts
312-39 Part 01	312-39 Part 04
312-39 Part 02	312-39 Part 05
312-39 Part 03

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.

Which of following Splunk query will help him to fetch related logs associated with process creation?

index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. … ..
index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) … … …

312-39 : All Parts

312-39 : Certified SOC Analyst : All Parts
312-39 Part 01	312-39 Part 04
312-39 Part 02	312-39 Part 05
312-39 Part 03

0 0 votes

Article Rating

Subscribe

0 Comments

Inline Feedbacks

View all comments

0

Would love your thoughts, please comment.x

()