While reviewing security alerts, you identify many repeated notifications that do not correspond to actual threats. You want to improve detection accuracy without losing the ability to spot dangerous activity. Which method aligns best with this goal?
Raise the detection level for every monitored event without analysis
Turn off all recurring notifications that appear benign
Refine alerting rules to fit normal usage patterns through targeted adjustments
Send all raw logs to an external collector for analysis by another team
Adjusting thresholds and filters removes noisy alerts and maintains visibility into signals that pose risk. Deactivating triggers may conceal real issues. Raising thresholds for everything can overlook targeted behaviors, and exporting data in bulk might overwhelm external tools and delay urgent investigations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are alerting rules in cybersecurity?
Open an interactive chat with Bash
Why is deactivating triggers a risky approach?
Open an interactive chat with Bash
What challenges are associated with exporting raw logs to external systems?