Free Preparation Discussions
MENU
CrowdStrike IDP Exam - Topic 8 Question 1 Discussion
Topic #: 8
Which of the following are NOT included within the three-dot menu on Identity-based Detections?
Which of the following are not included within the three-dot menu on Identity-based Detections?
In Falcon Identity Protection, the three-dot () action menu on an identity-based detection provides analysts with a limited set of actions that apply directly to the detection itself. According to the CCIS curriculum, these actions are designed to support investigation workflow, tuning, and documentation.
The supported actions in the detection-level three-dot menu include:
Edit status, which allows analysts to update the detection state (for example, New, In Progress, or Closed).
Add comment, which enables collaboration and documentation directly on the detection.
Add exclusion, where supported, to suppress future detections that match known benign behavior.
Add to Watchlist is not included in this menu because watchlists are applied to entities (such as users, service accounts, or endpoints), not to detections. Watchlists are managed from entity views or investigation workflows and are used to increase visibility and monitoring priority for specific identities---not to act on individual detections.
This distinction is emphasized in CCIS training to reinforce the separation between entity-centric actions and detection-centric actions. Because watchlists operate at the entity level, Option B is the correct and verified answer.
Willard
4 days agoYesenia
9 days agoWilliam
14 days agoGianna
20 days agoSharmaine
25 days agoSkye
30 days agoBulah
1 month agoCorinne
1 month agoBeckie
2 months agoBernardine
2 months agoVirgina
2 months agoTrinidad
3 months agoGerald
3 months agoTrinidad
3 months agoTheodora
3 months ago