A security engineer notices suspicious behavior recurring in multiple data sources including web server and intrusion detection system logs. Which approach best helps the team discover repeated patterns across all sources?
Build a standalone detection solution that monitors user activity yet excludes device logs
Review each log repository thoroughly one at a time, searching for recurring records manually
Disable repeated entries in the logging configurations to reduce system overhead and highlight unique events
Integrate each source in a tool that automatically correlates shared data fields, revealing repeated indicators across logs
The action that brings each data source together and finds shared details across logs is most effective, helping the team see recurring activity. Ignoring repeated entries can hide important details, focusing on partial logs omits potential warning signs, and a manual check by searching each repository is time-consuming and prone to oversights.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean to integrate data sources for correlation?
Open an interactive chat with Bash
What is a SIEM, and how does it help with log analysis?
Open an interactive chat with Bash
Why is manual log analysis not an effective approach?