An organization discovered that a stealth intrusion was not flagged by its detection platform despite confirming the incident in system logs. Which approach best identifies why the event was not recognized and addresses how to avoid missing similar activities?
Reconfigure thresholds and update software to improve detection scope
Deploy extra monitoring tools across the network to enhance detection coverage
Analyze detection tool logs for pattern correlations with the observed data to verify system logic
Adjust rules to the highest sensitivity, triggering notifications for unusual events
Verifying the detection tool’s logs alongside confirmed incident evidence is the most direct way to pinpoint gaps in alerts and correlation. Simply adding tools, adjusting sensitivity, or expanding thresholds might improve detection capacity but do not directly explain why the current system missed the specific intrusion. Understanding the mismatch between logs and detection is crucial to recognizing which rules or correlations need adjustment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean to analyze detection tool logs for pattern correlations?
Open an interactive chat with Bash
Why is adding extra monitoring tools not the best solution in this scenario?
Open an interactive chat with Bash
What are some potential reasons the detection system missed the intrusion despite logs indicating activity?