A network administrator notices that scheduled scanning repeatedly flags similar findings across multiple devices, most of which turn out to be irrelevant. The team wants to reduce these unnecessary alerts by analyzing detective data together with other system logs to better distinguish legitimate warnings. Which selection meets these requirements most effectively?
Pull scanning results into a central aggregator alongside logs from endpoints and apply correlation rules
Require technicians to validate each flagged item by reviewing them individually
Turn off the scanning tool’s internal alert system to reduce repeated notifications
Increase scanning runs to several times a day to offset repeated alerts
Including scanning data in a central aggregator with endpoint logs and correlation rules adds context to repeated alerts. This highlights actual risks by comparing device details, behavior logs, and known patterns. Simple frequency increases, manual reviews for each alert, or disabling built-in functions do not leverage cross-correlation, which is needed to enhance accuracy and reduce recurring irrelevant reports.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a central aggregator in cybersecurity?
Open an interactive chat with Bash
What are correlation rules and how do they work?
Open an interactive chat with Bash
Why is cross-correlation important for reducing false positives?