An incident response team has deployed Rita to analyze suspicious network patterns. They observe multiple outbound connections at short intervals from various hosts and want to highlight unexpected communication. Which action helps improve detection accuracy?
Mark all inbound traffic on uncommon ports as harmful
Block inbound and outbound email flows from recognized addresses
Eliminate logs from critical hosts to reduced scanning overhead
Exclude routine traffic from recognized services to focus on irregular communication intervals
Removing routine, expected traffic patterns allows the detection tool to focus on irregular communication intervals that may indicate command-and-control (C2) behavior. Filtering known benign behavior improves detection fidelity. In contrast, removing large volumes of logs or relying solely on port-based rules can mask real threats or generate unnecessary noise.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is command-and-control (C2) behavior in cybersecurity?
Open an interactive chat with Bash
Why is excluding routine traffic important for anomaly detection?
Open an interactive chat with Bash
How can tools like Rita improve detection fidelity?