A security analyst is tasked with implementing a solution to receive timely data on emerging malware, malicious IP addresses, and known vulnerabilities. Which of the following would BEST fulfill this requirement?
A Security Information and Event Management (SIEM) system
The correct answer is a threat feed. A threat feed is a real-time or near-real-time stream of data providing information on current and potential cyber threats, including indicators of compromise like malicious IPs, URLs, and malware signatures. A security baseline defines a standard state for a system, a SIEM is used to aggregate and analyze log data from internal sources, and a vulnerability scanner actively probes systems for weaknesses rather than providing a continuous external data stream.