Posted by: Pdfprep
Post Date: May 16, 2021
How is it possible to navigate to the list of currently-enabled ES correlation searches?
A . Configure -> Correlation Searches -> Select Status “Enabled”
B . Settings -> Searches, Reports, and Alerts -> Filter by Name of “Correlation”
C . Configure -> Content Management -> Select Type “Correlation” and Status “Enabled”
D . Settings -> Searches, Reports, and Alerts -> Select App of “SplunkEnterpriseSecuritySuite” and filter by “- Rule”
Answer: C
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Listcorrelationsearches
Leave a Reply