🔥 3-day streak
Microsoft Security Operations Analyst88 / 190
Question 88 of 190
During advanced hunting in Microsoft Defender XDR, you run a KQL query against DeviceProcessEvents and identify a suspicious process launched by a service account on a domain controller. You want to visually explore how this device is connected to other entities (accounts, files, and devices) involved in the same activity, and interactively pivot across those relationships to reconstruct a possible attack path without writing additional join-heavy queries. Which capability should you use?
Reviewed for accuracy · Report an issueNext question