An organization discovered several malicious probes had gone unnoticed by its security monitoring system. Which option is most likely to catch these attempts in the future?
Perform isolated manual verification of suspicious records
Shorten the log storage timeframe to focus on the newest events
Regularly tune correlation thresholds using multiple data points
Remove frequent items from analysis if they have been seen before
Regularly adjusting correlation thresholds using data from various sources helps reduce overlooked threats. Short retention periods risk discarding relevant evidence. Excluding repeated occurrences may miss persistent attacks. Manual spot checks are limited in scope and do not automatically scale. Threshold adjustments allow the system to better detect unexpected or evolving intrusions.