An organization discovered several malicious probes had gone unnoticed by its security monitoring system. Which option is most likely to catch these attempts in the future?
Remove frequent items from analysis if they have been seen before
Perform isolated manual verification of suspicious records
Regularly tune correlation thresholds using multiple data points
Shorten the log storage timeframe to focus on the newest events
Regularly adjusting correlation thresholds using data from various sources helps reduce overlooked threats. Short retention periods risk discarding relevant evidence. Excluding repeated occurrences may miss persistent attacks. Manual spot checks are limited in scope and do not automatically scale. Threshold adjustments allow the system to better detect unexpected or evolving intrusions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are correlation thresholds important in security monitoring?
Open an interactive chat with Bash
What are examples of data points used for correlation thresholds?
Open an interactive chat with Bash
How often should correlation thresholds be tuned in practice?