SC-200

1

Perform threat hunting

medium

Refer to the exhibit. This JSON defines a scheduled analytics rule in Microsoft Sentinel. Which type of threat is the rule primarily designed to detect?

Exhibit

```json
{
  "properties": {
    "query": "(union isfuzzy=true\n  (DeviceProcessEvents\n  | where FileName == \"rundll32.exe\"\n  | where ProcessCommandLine contains \"javascript\"\n  ),\n  (DeviceNetworkEvents\n  | where RemoteIPType == \"Public\"\n  | where Protocol == \"HTTP\"\n  )\n)",
    "queryFrequency": "1h",
    "queryPeriod": "1h",
    "triggerOperator": "gt",
    "triggerThreshold": 1
  }
}
```