Question 22
Your SOC is overwhelmed with alerts. As a CISO, what’s your first priority?
A. Hire more analysts
B. Re-tune SIEM use cases and thresholds
C. Purchase a threat intelligence feed
D. Disable alerting temporarily
Answer: Re-tune SIEM use cases and thresholds
Over-alerting is often due to poorly tuned SIEM rules. Tuning improves signal-to-noise ratio without increasing headcount.