A security operations center sees an unusually large volume of notifications related to firewall events. Many of these triggers are associated with legitimate user traffic, making it harder to identify actual threats. The center must keep valuable data but reduce unhelpful volume. Which method best addresses this challenge while preserving important security indicators?
Strengthen correlation logic to identify meaningful patterns instead of generating identical notifications for usual actions
Deactivate firewall logging to remove repetitive data
Lower the assigned severity levels for all firewall-related events
Refining correlation rules focuses attention on events with genuine signs of compromise while still monitoring normal traffic for changes in behavior. Lowering severity across the board removes critical detection of genuine threats. Deactivating firewall logging discards useful data altogether. Generating a response for every event diverts effort away from distinguishing suspicious behavior from routine activity.