ExamGecko
Search Search Login
Home Home / Splunk / SPLK-2003
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following can be configured in the ROI Settings?
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?
How can the DECIDED process be restarted?
Which of the following queries would return all artifacts that contain a SHA1 file hash?
What are the components of the I2A2 design methodology?
What is the default embedded search engine used by SOAR?
After a playbook has run, where are the results stored?
Which is the primary system requirement that should be increased with heavy usage of the file vault?
What values can be applied when creating Custom CEF field?

Question 31 - SPLK-2003 discussion

Report
Export

Which of the following will show all artifacts that have the term results in a filePath CEF value?

A.
.../rest/artifact?_filter_cef_filePath_icontain=''results''
Answers
A.
.../rest/artifact?_filter_cef_filePath_icontain=''results''
B.
...rest/artifacts/filePath=''%results%''
Answers
B.
...rest/artifacts/filePath=''%results%''
C.
.../result/artifacts/cef/filePath= '%results%''
Answers
C.
.../result/artifacts/cef/filePath= '%results%''
D.
.../result/artifact?_query_cef_filepath_icontains=''results
Answers
D.
.../result/artifact?_query_cef_filepath_icontains=''results
Suggested answer: A

Explanation:

The correct answer is A because the_filterparameter is used to filter the results based on a fieldvalue, and theicontainoperator is used to perform a case-insensitive substring match.ThefilePathfield is part of the Common Event Format (CEF) standard, and thecef_prefix is usedto access CEF fields in the REST API. The answer B is incorrect because it uses the wrong syntaxfor the REST API. The answer C is incorrect because it uses the wrong endpoint (resultinsteadofartifact) and the wrong syntax for the REST API. The answer D is incorrect because it uses thewrong syntax for the REST API and the wrong spelling for theicontainsoperator.Reference:Splunk SOAR REST API Guide, page 18.To query and display all artifacts that contain the term 'results' in a filePath CEF (Common EventFormat) value, using the REST API endpoint with a filter parameter is effective. The filter_filter_cef_filePath_icontain='results' is applied to search within the artifact data for filePathfields that contain the term 'results', disregarding case sensitivity. This method allows users toprecisely locate and work with artifacts that meet specific criteria, aiding in the investigationand analysis processes within Splunk SOAR.

Show Answer
asked 23/09/2024
Knowledge Mathebula
35 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms