5 votes

Question

An organization reviews recent audit results of monitoring solutions used to protect the company's infrastructure and learns that detection tools are reporting a high volume of false positives. Which alert tuning techniques can reduce the volume of false positives? (Select the three best options.)

A. Isolating sources of indicators, such as network addresses or files
B. Refining detection rules and muting alert levels
C. Redirecting sudden alert "floods" to a dedicated group
D. Redirecting infrastructure-related alerts to a dedicated group

by Sudhanshu (8.2k points)

1 Answer

2 votes

Final answer:

To reduce false positives in monitoring solutions, organizations should isolate sources of indicators, refine detection rules, and redirect specific types of alerts to specialized teams.

Step-by-step explanation:

To reduce the volume of false positives in audit results of monitoring solutions, an organization can implement three alert tuning techniques. These techniques are:

  1. Isolating sources of indicators, such as network addresses or files, to better understand and manage the flow of alerts.
  2. Refining detection rules and muting alert levels to ensure alerts are more accurately tuned to the threats relevant to the organization's infrastructure.
  3. Redirecting infrastructure-related alerts to a dedicated group, so that specialized teams can handle and analyze these alerts more effectively.

These techniques help in retaining the accuracy and efficiency of security monitoring systems and in reducing the cognitive load on operators to prevent the overlooking of genuine threats.

by Alexis Vandepitte (8.2k points)
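As an added illustration of the three techniques named in the answer above (example code, not part of the original post or any product's own tuning logic): a small Python pass over constructed sample alerts that suppresses a known-benign source, lowers the level of a noisy rule, and routes infrastructure alerts to a dedicated queue. The rule names, addresses, allowlist and queue names are all constructed assumptions.

```python
# Added example: one tuning pass applying the three techniques from the answer.
# All alerts, rule names, addresses and queues below are constructed sample data.
from dataclasses import dataclass, replace

@dataclass
class Alert:
    rule: str
    source: str          # network address that triggered the rule
    severity: str        # "high", "medium" or "low"
    category: str        # "security" or "infrastructure"
    route: str = "soc"   # queue the alert is delivered to

# 1. Isolating sources of indicators: sources reviewed and found benign
#    (here, an authorised internal vulnerability scanner; constructed).
KNOWN_BENIGN_SOURCES = {"10.0.0.5"}

# 2. Refining detection rules and muting alert levels: rules whose level was
#    lowered after review because they fire on routine activity (constructed).
MUTED_RULES = {"port_scan_generic": "low"}

# 3. Redirecting infrastructure-related alerts to a dedicated group (constructed).
ROUTES_BY_CATEGORY = {"infrastructure": "infra-team"}

def tune(alerts):
    """Return (delivered, suppressed) after applying the three tuning steps.

    Input alerts are not mutated; tuned copies are returned so the pass can
    be re-run safely over the same batch.
    """
    delivered, suppressed = [], []
    for a in alerts:
        if a.source in KNOWN_BENIGN_SOURCES:      # step 1: isolate benign source
            suppressed.append(a)
            continue
        severity = MUTED_RULES.get(a.rule, a.severity)        # step 2: mute level
        route = ROUTES_BY_CATEGORY.get(a.category, "soc")     # step 3: redirect
        delivered.append(replace(a, severity=severity, route=route))
    return delivered, suppressed

SAMPLE_ALERTS = [  # constructed batch; the first entry is the scanner's noise
    Alert("port_scan_generic", "10.0.0.5", "high", "security"),
    Alert("port_scan_generic", "203.0.113.7", "high", "security"),
    Alert("disk_usage_high", "10.0.1.20", "medium", "infrastructure"),
    Alert("malware_hash_match", "10.0.2.3", "high", "security"),
]

if __name__ == "__main__":
    delivered, suppressed = tune(SAMPLE_ALERTS)
    print(f"suppressed={len(suppressed)} delivered={len(delivered)}")
    for a in delivered:
        print(f"{a.route:10} {a.severity:6} {a.rule} from {a.source}")
```

Of the four sample alerts, one is suppressed and three are delivered: the external port scan now arrives at the SOC as "low", the disk alert goes to the infrastructure queue, and the hash match keeps its "high" level.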