Which TWO data sources in Microsoft Sentinel are commonly used for threat hunting related to lateral movement?
Shows network connections from endpoints to other internal IPs.
Why this answer
Options B and D are correct. SecurityEvent (Windows Event Logs) contains Event ID 4624 (logon) and Event ID 4688 (process creation), both useful when hunting for lateral movement. DeviceNetworkEvents (Microsoft Defender for Endpoint) shows network connections.
Option A is for syslog, not Windows events. Option C is for DNS, which is less direct. Option E is for Azure activity, not lateral movement.