🔥 3-day streak
Professional Security Operations Engineer19 / 241
Question 19 of 241
A threat hunter at a manufacturing company suspects that an attacker deployed a rarely-seen dropper across a small number of endpoints after an initial phishing compromise. She wants to surface processes that have executed on very few hosts across the fleet within the last 14 days, prioritizing binaries that appear on only one or two distinct assets. Which Google SecOps UDM search approach best supports this prevalence-based hunting hypothesis?
Reviewed for accuracy · Report an issueNext question