Splunk Observability Cloud Certified Metrics User — Question 62

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. What Enterprise Security data model would they use to investigate which process initiated the network connection?

Answer options

Correct answer: A

Explanation

The correct answer is A, Endpoint. The Endpoint data model covers activity on the hosts themselves, including the processes running on them, so an analyst can pivot from the suspicious destination IP to the specific process that opened the connection. The other options, Authentication, Network Traffic, and Web, do not carry process-level detail from the endpoint and therefore cannot be used to identify which process initiated the network connection.