1 vote
Charles wants to use his SIEM to automatically flag known bad IP addresses. Which of the following capabilities is not typically used for this with SIEM devices?

a) Anomaly detection
b) Log correlation
c) Packet filtering
d) Threat intelligence integration

1 Answer

0 votes

Final answer:

Packet filtering is not a typical function of SIEM systems, which are used to flag bad IP addresses through anomaly detection, log correlation, and threat intelligence integration.

Step-by-step explanation:

Charles wants to use his SIEM (Security Information and Event Management) to automatically flag known bad IP addresses. The capabilities typically used for this with SIEM devices are anomaly detection, log correlation, and threat intelligence integration. However, packet filtering is not typically a function of SIEM systems. Packet filtering is generally carried out by network security devices such as firewalls or intrusion prevention systems (IPS).

by Gautam Shrivastav (8.0k points)
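The following is an added example, not part of the answer above: a minimal sketch of how threat intelligence integration and log correlation combine to flag known bad IP addresses. The feed entries, log lines, function names and the severity rule (more than one log source means "high") are all constructed assumptions, using documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed threat-intelligence feed (RFC 5737 documentation ranges).
THREAT_FEED = ["203.0.113.0/28", "198.51.100.77"]

# Constructed log lines from different sources, as (source, raw line).
SAMPLE_LOGS = [
    ("firewall", "2024-05-01T10:00:01Z ALLOW src=203.0.113.5 dst=10.0.0.8 dport=443"),
    ("sshd", "2024-05-01T10:00:09Z Failed password for root from 203.0.113.5 port 51514"),
    ("firewall", "2024-05-01T10:01:30Z ALLOW src=192.0.2.10 dst=10.0.0.8 dport=443"),
    ("sshd", "2024-05-01T10:02:11Z Accepted publickey for deploy from 198.51.100.77 port 40022"),
    ("proxy", "2024-05-01T10:03:00Z GET http://example.test/ client=999.1.1.1"),
]

IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def extract_ips(line):
    """Return every syntactically valid IPv4 address found in a log line."""
    ips = []
    for token in IPV4_RE.findall(line):
        try:
            ips.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # looks like an IP but is not one, e.g. 999.1.1.1
    return ips


def flag_known_bad(logs, feed):
    """Match log IPs against the feed, then correlate hits across sources."""
    networks = [ipaddress.ip_network(entry, strict=False) for entry in feed]
    hits = defaultdict(lambda: {"sources": set(), "events": 0})
    for source, line in logs:
        for ip in extract_ips(line):
            if any(ip in net for net in networks):  # threat intel match
                hits[str(ip)]["sources"].add(source)
                hits[str(ip)]["events"] += 1
    # Correlation rule (assumption): seen by more than one source => high.
    return {
        ip: {"sources": sorted(h["sources"]), "events": h["events"],
             "severity": "high" if len(h["sources"]) > 1 else "medium"}
        for ip, h in hits.items()
    }


if __name__ == "__main__":
    for ip, alert in flag_known_bad(SAMPLE_LOGS, THREAT_FEED).items():
        print(ip, alert)
```

The script only raises alerts; dropping traffic from a flagged address would still be done by a firewall or IPS.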