A threat hunter generates a report containing the list of users who have logged in to a particular database
during the last 6 months, along with the number of times they have each authenticated. They sort this list and
remove any users who have logged in more than 6 times. The remaining names represent the users who
rarely log in, as their activity is more suspicious. The hunter examines each of these rare logins in detail.
This is an example of what type of threat-hunting technique?

During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp. Why
should this be investigated further?
© Copyrights DumpsEngine 2026. All Rights Reserved
