🔥 3-day streak
Professional Security Operations Engineer16 / 241
Question 16 of 241
A threat intelligence report from Google Threat Intelligence (GTI) attributes a recent campaign to a group that stages payloads on a rotating set of newly registered domains, all sharing a distinctive TLS certificate serial number. Your SecOps team wants to run a hypothesis-driven hunt to determine whether any endpoints in your environment have contacted infrastructure matching this campaign, even if the specific domains in the report are not yet observed in your logs. Which approach best supports this hunt in Google SecOps?
Reviewed for accuracy · Report an issueNext question