In the query
"extend ProcessEntropy = -log2(PCoHValue/TPCoHValue)*(PCoHValue/TPCoHValue)"
PCoHValue means the ProcessCountOnHost value.
Answer options:
A. True
B. False
Correct Answer: A
The entropy calculation is used to help identify Hosts that have a high variety of processes (a high-entropy process list on a given Host over time). This helps us identify rare processes on a given Host. Rare here means a process shows up on the Host relatively few times in the last 7 days.
Reference: