🔥 3-day streak
Professional Security Operations Engineer15 / 241
Question 15 of 241
A threat intel bulletin from GTI reports a new malware campaign associated with a specific SHA-256 file hash and warns it may have been active for up to 45 days before public disclosure. Your organization's Google SecOps tenant retains 90 days of UDM data. You want to form a hypothesis-driven hunt to determine whether this hash ever executed anywhere in your environment, prioritizing completeness over speed. Which approach best fits this hunting goal?
Reviewed for accuracy · Report an issueNext question