Question 176
What’s a challenge with overly broad alert rules in a SIEM?
A. Reduced log storage
B. Elimination of escalation
C. Alert fatigue and missed real threats
D. Faster analyst response times
Answer: Alert fatigue and missed real threats
Excessive, poorly defined alerts overwhelm analysts, reducing response effectiveness.