Which two areas of Cortex XDR are used for threat hunting activities?

Prepare for the PSE Cortex Professional Test with interactive quizzes, multiple choice questions with hints, and thorough explanations. Enhance your knowledge and get ready to ace your exam!

The correct answer is the live terminal and the query builder. These features are essential for conducting active investigations into potential threats within an IT environment.

The live terminal allows security professionals to execute commands directly on an endpoint, providing real-time access to system data. This immediate interface is invaluable for threat hunting, as analysts can quickly gather intelligence, analyze anomalies, and investigate suspicious activities on endpoints without leaving their analysis environment.

The query builder, on the other hand, is designed to construct and run queries against the large datasets collected from various endpoints. It enables users to search for specific indicators and patterns that might signal a security incident. By allowing analysts to articulate their queries effectively, the query builder supports the methodical exploration of data, making it easier to uncover hidden threats.

Together, these tools empower security teams to proactively hunt down potential threats and enhance the overall security posture of an organization.
