CompTIA Security+ SY0-601 – Question 199

A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious.
The security analyst would like to create a baseline of normal operations and reduce noise. Which of the
following actions should the security analyst perform?


A. Adjust the data flow from authentication sources to the SIEM.
B. Disable email alerting and review the SIEM directly.
C. Adjust the sensitivity levels of the SIEM correlation engine.
D. Utilize behavioral analysis to enable the SIEM's learning mode.

Correct Answer: C