Multiple Choice
The Brute Force Access Behavior Detected correlation search is enabled and is generating many false positives. Assuming the input data has already been validated, how can the correlation search be made less sensitive?
A) Edit the search and modify the notable event status field to make the notable events less urgent.
B) Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a less common match.
C) Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.
D) Modify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.
Correct Answer:

Verified