A security analyst is tasked with implementing a solution to receive timely data on emerging malware, malicious IP addresses, and known vulnerabilities. Which of the following would BEST fulfill this requirement?
A vulnerability scanner
A Security Information and Event Management (SIEM) system
The correct answer is a threat feed. A threat feed is a real-time or near-real-time stream of data providing information on current and potential cyber threats, including indicators of compromise like malicious IPs, URLs, and malware signatures. A security baseline defines a standard state for a system, a SIEM is used to aggregate and analyze log data from internal sources, and a vulnerability scanner actively probes systems for weaknesses rather than providing a continuous external data stream.