How is it possible to navigate to the list of currently-enabled ES correlation searches?

Posted by: Pdfprep Category: SPLK-3001 Tags: SPLK-3001 exam questions, SPLK-3001 practice exam, Splunk Enterprise Security Post Date: May 16, 2021

How is it possible to navigate to the list of currently-enabled ES correlation searches?
A . Configure -> Correlation Searches -> Select Status “Enabled”
B . Settings -> Searches, Reports, and Alerts -> Filter by Name of “Correlation”
C . Configure -> Content Management -> Select Type “Correlation” and Status “Enabled”
D . Settings -> Searches, Reports, and Alerts -> Select App of “SplunkEnterpriseSecuritySuite” and filter by “- Rule”

Answer: C

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Listcorrelationsearches

How is it possible to navigate to the list of currently-enabled ES correlation searches?

Author

Leave a Reply Cancel reply