A security team has collected logs from multiple sensors for several weeks and observes a spike in suspicious processes that grows over time. Which action would best confirm whether this unexpected growth signifies malicious behavior?
Review suspicious processes against documented attacks and check additional logs
Optimize detection parameters to refine sensitivity
Identify repeated processes and evaluate whether they represent known patterns
Streamline event history by focusing on recent data
Reviewing the suspicious processes against documented attacks (for example a published catalogue of adversary techniques such as MITRE ATT&CK) and correlating them with other telemetry from the same hosts and time windows (network connections, authentication events, file writes) is what turns a growing count into evidence. If the processes match known intrusion patterns and the other logs show the surrounding activity those patterns predict, the growth signifies malicious behavior; if they do not, it is more likely a change in the baseline, such as new software, a new deployment, or more sensors reporting. The other options remove evidence rather than test it: discarding or truncating historical records hides the onset and trend of the activity, broadly dismissing repeated processes as known patterns assumes the answer before checking it, and tuning detection sensitivity to reduce alerts suppresses the signal under investigation and weakens the analysis.