Question 154
A new SIEM rule generates excessive false positives. What’s the best corrective action?
A. Remove the rule
B. Increase severity level
C. Refine logic and validate against baseline behavior
D. Ignore alerts temporarily