After applying newly developed threat filters, a company noticed that legitimate transactions were falsely flagged as threats. Which strategy best addresses these incorrect alerts while still keeping functional protection in place?
Deactivate detection features until proper testing is completed
Fine-tune the newly added filters to reduce incorrect alerts on expected traffic
Restrict known services to prevent unauthorized activity
Put flagged requests into a silent log mode to minimize alerts
Adjusting the updated filters helps reduce erroneous triggers and ensures genuine malicious traffic is still identified. Temporarily disabling detection leaves gaps in coverage. Placing flagged traffic into a silent log does not solve the root cause and allows problematic alerts to persist. Restricting known services does not resolve the misconfigurations and might disrupt normal processes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is fine-tuning in the context of threat filters?
Open an interactive chat with Bash
Why is temporarily disabling detection features not a good strategy?
Open an interactive chat with Bash
How does silent logging differ from solving false positives?