A company with regional offices wants to identify unusual trends and hidden anomalies in event records from multiple locations. Which design choice best supports this objective?
Aggregate event data from all regions into a unified repository for collective review
Remove certain entries to lower storage costs and keep only minimal records
Send logs to a hosted service but avoid performing correlated reviews
Maintain logs in separate offices and let each team review its own data independently
Centralizing event data in one shared environment promotes correlation and analysis across all offices. Storing data locally in separate locations prevents recognition of patterns that span multiple regions. Removing valuable entries eliminates critical information used for analysis, and sending records to an outside provider without thorough review limits detection capabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is centralizing event data important for anomaly detection?
Open an interactive chat with Bash
What tools can be used to analyze aggregated event data?
Open an interactive chat with Bash
What risks are associated with removing certain entries from event logs?