🔥 3-day streak
Professional Security Operations Engineer178 / 241
Question 178 of 241
A threat hunter receives a GTI report describing a novel loader identified by a specific SHA-256 hash. They confirmed one endpoint executed the file. To test the hypothesis that the loader has spread laterally, the hunter wants to determine which other hosts in the enterprise have executed the same binary and how recently each first saw it. Using UDM search in Google SecOps, which approach most directly and efficiently supports this pivot?
Reviewed for accuracy · Report an issueNext question