A security team reports that they are flooded with repeated notifications in the central console. Which method is the best for reducing these repeated entries so analysts can focus on unique threats?
Use a daily cleanup script to remove repeated entries from the log files
Ignore data from specific hosts to reduce the volume of notifications
Enable correlation that consolidates repeated entries sharing the same signature
Provide additional monitoring displays for frequently repeated notifications
Enabling correlation that merges repeated entries from the same source or with the same signature consolidates all of the relevant data into a single alert, so analysts can concentrate on unique events. Ignoring logs from certain systems, manually removing repeated entries, or adding more dashboards can cause missed detections or complicate monitoring without addressing the repeated alerts themselves.
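As an added example (not part of the original question or its explanation), the following Python script shows signature-based correlation over a constructed alert stream: repeated notifications with the same signature collapse into one consolidated alert that keeps the count, the time window and every source host, so nothing that a cleanup script or a host ignore would have thrown away is lost. The alert records, field names and signature names are constructed for this demonstration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample alert stream: (timestamp, source host, signature, severity).
# Seven raw notifications, but only three distinct signatures.
RAW_ALERTS: List[Tuple[str, str, str, str]] = [
    ("2024-05-01T10:00:01", "web01", "SCAN Port Sweep Detected", "medium"),
    ("2024-05-01T10:00:05", "web01", "SCAN Port Sweep Detected", "medium"),
    ("2024-05-01T10:00:09", "web01", "SCAN Port Sweep Detected", "medium"),
    ("2024-05-01T10:00:12", "web02", "SCAN Port Sweep Detected", "medium"),
    ("2024-05-01T10:01:00", "bastion", "POLICY SSH Brute Force Attempt", "high"),
    ("2024-05-01T10:01:30", "bastion", "POLICY SSH Brute Force Attempt", "high"),
    ("2024-05-01T10:02:00", "ws17", "MALWARE Beacon To Known C2", "critical"),
]

@dataclass
class ConsolidatedAlert:
    """One alert per signature, keeping the data the repeats contributed."""
    signature: str
    severity: str
    count: int = 0
    first_seen: str = ""
    last_seen: str = ""
    sources: Set[str] = field(default_factory=set)

def correlate(alerts: List[Tuple[str, str, str, str]]) -> Dict[str, ConsolidatedAlert]:
    """Merge repeated alerts that share a signature into one consolidated alert."""
    merged: Dict[str, ConsolidatedAlert] = {}
    # ISO-8601 timestamps sort lexicographically, so first/last seen come out right.
    for ts, src, sig, sev in sorted(alerts):
        entry = merged.setdefault(sig, ConsolidatedAlert(signature=sig, severity=sev))
        entry.count += 1
        entry.first_seen = entry.first_seen or ts
        entry.last_seen = ts
        entry.sources.add(src)  # every affected host is retained, not discarded
    return merged

def console_rows(alerts: List[Tuple[str, str, str, str]]) -> List[str]:
    """Render the consolidated view an analyst would see, highest count first."""
    rows = sorted(correlate(alerts).values(), key=lambda a: -a.count)
    return [f"{a.severity:8} x{a.count:<3} {a.signature} "
            f"[{a.first_seen} .. {a.last_seen}] hosts={sorted(a.sources)}"
            for a in rows]

if __name__ == "__main__":
    print(f"{len(RAW_ALERTS)} raw notifications -> {len(correlate(RAW_ALERTS))} consolidated alerts")
    print("\n".join(console_rows(RAW_ALERTS)))
```

The single critical alert from ws17 survives as its own row, which is exactly the detection an "ignore noisy hosts" rule risks dropping.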