About this talkDuring this training you will understand prevalence, how to drill into an event by looking at the timeline, domain and users & hash views. We will also cover root & raw log scan. You will learn more about how to create a rule and rule authoring.