A large enterprise has a new monitoring system that generates a high volume of routine notices. Security personnel get overwhelmed and miss unusual intrusions. Which strategy helps them refine thresholds and rule sets to emphasize activities that could signal a breach?
Raise scanning scope for all possible actions to gather maximum data
Configure correlation rules based on severity and event frequency to produce targeted notifications
Employ container management technology to scale events processing for automatic filtering
Use a content distribution network to redirect network activity and reduce traffic
Adjusting correlation and priority settings ensures that alerts reflect real threats rather than routine traffic. The effective approach involves tuning severity levels for different event types. Increasing the scanning scope generates more data, which can further overwhelm the team. Relying on a specialized distribution platform or container handling does not directly target the root issue of setting rules that filter repetitive events and highlight events likely to be malicious.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are correlation rules in a monitoring system?
Open an interactive chat with Bash
Why is increasing scanning scope not effective for reducing alert fatigue?
Open an interactive chat with Bash
How do severity levels help prioritize security alerts?