SC-200 Perform threat hunting • Set 4
SC-200 Perform threat hunting Practice Test 4 — 15 questions with explanations. Free, no signup.
You are reviewing a threat hunting KQL query in Microsoft Sentinel. The query references an external CSV containing malicious IPs. The query returns no results despite known malicious activity. What is the most likely issue?
Refer to the exhibit.

```kusto
let HuntingTimeRange = 7d;
let MaliciousIPs = externaldata(IP:string)
    ["https://raw.githubusercontent.com/stixproject/.../malicious_ips.csv"]
    with (format="csv");
DeviceNetworkEvents
| where Timestamp > ago(HuntingTimeRange)
| where RemoteIP in (MaliciousIPs)
| project Timestamp, DeviceName, RemoteIP, RemotePort, InitiatingProcessFileName
```
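Added example (not the exhibit's query and not the test's answer): whenever an `externaldata`-driven hunt comes back empty, the practitioner's first check is what the external list actually contains once it is loaded, because an exact `in` match silently fails on a header row, surrounding whitespace, quoted values or CIDR entries. The query below is the same hunt with that validation folded into the list definition. The feed URL is a placeholder to be replaced with the real one, and the `ignoreFirstRecord`, `trim` and bare-IPv4 filter are assumptions about what such a feed may contain, not facts about the exhibit's file.

```kusto
// Added example; the feed URL below is a placeholder, not the exhibit's URL.
let HuntingTimeRange = 7d;
let MaliciousIPs =
    externaldata(IP:string)
        ["https://example.com/malicious_ips.csv"]     // placeholder: substitute the real feed URL
        with (format="csv", ignoreFirstRecord=true)   // assumption: feed carries a header row
    | extend RawIP = IP
    | extend IP = trim(@'[\s"]+', IP)                 // strip whitespace and stray quotes
    | where isnotnull(parse_ipv4(IP))                 // drop rows that are not IPv4 literals
    | where IP !contains "/"                          // drop CIDR ranges; they never equal a RemoteIP
    | distinct IP;
// Hunt: join instead of 'in' so the cleaned list stays one pipeline and can be broadcast.
DeviceNetworkEvents
| where Timestamp > ago(HuntingTimeRange)
| where isnotempty(RemoteIP)
| join hint.strategy=broadcast kind=inner MaliciousIPs on $left.RemoteIP == $right.IP
| project Timestamp, DeviceName, RemoteIP, RemotePort, InitiatingProcessFileName
```

To see why the original form returned nothing, run the `MaliciousIPs` definition on its own with `| summarize Total=count(), Cleaned=countif(RawIP != IP)` appended (before the `distinct`): a non-zero `Cleaned` count, or a `Total` of zero, points at the feed rather than at the telemetry. `in` with a tabular expression is valid KQL; the join is used here only so the list can be normalized in place and the small side broadcast.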