0 votes
Lucy is the SOC operator for her organization and is responsible for monitoring her organization's SIEM and other security devices. Her organization has both domestic and international sites, and many of their employees travel frequently.

Lucy configures an alert that detects when users who do not typically travel log in from other countries. What type of analysis is this?
A. Trend
B. Availability
C. Heuristic
D. Behavior

1 Answer

1 vote

Final answer:

Lucy is using Behavioral Analysis, which triggers alerts when users who don't usually travel log in from foreign locations, indicating an anomaly in the expected behavior patterns.

Step-by-step explanation:

Lucy, as a SOC operator, configuring an alert that detects anomalous logins from unusual locations for users who do not typically travel, is employing Behavioral Analysis. This type of analysis monitors for deviations from normal behavior patterns, which in this case would be the common travel patterns of the employees. When a login occurs from an unexpected location, especially a different country, it triggers an alert. This is in contrast to the other options where Trend Analysis focuses on long-term data patterns, Availability Analysis pertains to system uptime and resource accessibility, and Heuristic Analysis is related to detecting malware based on heuristic rules or algorithms.

by User Whatswrong (8.4k points)
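
The kind of alert described in the question, as an added example that is not part of the original question or answer: a per-user baseline of login countries is learned first, and a login is flagged only when it deviates from that user's own pattern. The event format, the sample logins and the `TRAVELER_MIN_COUNTRIES` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (user, country code resolved from the source IP).
BASELINE_LOGINS = [
    ("alice", "US"), ("alice", "US"), ("alice", "US"),
    ("bob", "US"), ("bob", "DE"), ("bob", "JP"), ("bob", "BR"),
    ("carol", "GB"), ("carol", "GB"),
]
NEW_LOGINS = [
    ("alice", "RO"),  # non-traveler, country never seen for her
    ("bob", "SG"),    # frequent traveler, new country
    ("carol", "GB"),  # usual country
    ("dave", "US"),   # no login history yet
]

# Assumed threshold: users seen in this many countries count as frequent travelers.
TRAVELER_MIN_COUNTRIES = 3


def build_baseline(events):
    """Map each user to the set of countries seen during the learning window."""
    seen = defaultdict(set)
    for user, country in events:
        seen[user].add(country)
    return dict(seen)


def evaluate(user, country, baseline):
    """Return 'alert', 'ok' or 'no_baseline' for one login event."""
    usual = baseline.get(user)
    if not usual:
        return "no_baseline"  # nothing to compare against; handle with another rule
    if country in usual:
        return "ok"           # matches the user's established pattern
    if len(usual) >= TRAVELER_MIN_COUNTRIES:
        return "ok"           # frequent traveler: a new country is expected behavior
    return "alert"            # deviation from this user's own normal behavior


def detect(new_logins, baseline_events):
    """Evaluate each new login against the baseline built from earlier events."""
    baseline = build_baseline(baseline_events)
    return [(u, c, evaluate(u, c, baseline)) for u, c in new_logins]


if __name__ == "__main__":
    for user, country, verdict in detect(NEW_LOGINS, BASELINE_LOGINS):
        print(f"{user:6} {country}  {verdict}")
```

The same foreign login produces different verdicts for `alice` and `bob` because the decision depends on each user's history rather than on a fixed rule about countries.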