An organization ingests logs from many systems in one place. Which method is the best for finding suspicious activity that may be overlooked when examining each source separately?
Keep everything in storage until it is requested
Place all logs together in one location for simpler management
Inspect device-specific data by hand for deeper insights
Use a process that links events from different sources
Log correlation combines data from multiple sources to detect patterns or anomalies that may not be visible when reviewing logs in isolation. While centralizing logs is necessary, it doesn't automatically reveal threats unless correlation logic or rules are applied. Manual review is inefficient and error-prone, and archival storage does not provide the analysis needed for threat detection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is log correlation in cybersecurity?
Open an interactive chat with Bash
Why is manual review of logs less effective than log correlation?