Question 71
During SIEM tuning, what should guide alert definitions?
A. Executive preferences
B. Network bandwidth limits
C. Realistic use cases and threat models
D. Internal politics
Answer: Realistic use cases and threat models
SIEM alerts must be based on specific threats the organization faces and validated against use cases.