Question 169
What is the most appropriate metric to track SIEM effectiveness?
A. Total GB of logs collected
B. Number of alerts closed
C. Detection rate of actual incidents vs. false positives
D. Average CPU usage
Answer: Detection rate of actual incidents vs. false positives
The balance between detecting real incidents and minimizing noise is a key indicator of SIEM tuning.