B has to be the right answer. An 'internal value not useful for an investigation' sounds like the kind of cryptic field that security tools love to include. #JustSecurityThings
I'm going with D. The TargetProcessld_decimal value for the process that made the DNS request seems like the most relevant information to have in this field.
I think the purpose of the ContextProcessId_decimal field is to contain the ContextProcessId_decimal value for the parent process that made the DNS request.
I think it's C. The ContextProcessld_decimal field should contain the parent process that made the DNS request, not the target process. That makes the most sense in the context of a DNS event.
I think it's C. The ContextProcessld_decimal field should contain the parent process that made the DNS request, not the target process. That makes the most sense in the context of a DNS event.
upvoted 0 times
...
...
Log in to Pass4Success
Sign in:
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up or
login
Viola
6 days agoAnna
8 days agoBroderick
10 days agoCurtis
18 days agoLaurel
20 days agoVerona
22 days agoBettye
5 days ago