A SOC team receives multiple alerts from a rule that detects requests to malicious URLs and informs the incident response team to block the requested malicious URLs on the firewall. Which action will improve the effectiveness of the process?
A. Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
B. Inform the user by enabling an automated email response when the rule is triggered.
C. Inform the incident response team by enabling an automated email response when the rule is triggered.
D. Create an automation script for blocking URLs on the firewall when the rule is triggered.
Creating an automation script for blocking URLs on the firewall when the rule is triggered will improve the effectiveness of the process by reducing the time between the detection of a request to a malicious URL and the blocking action. This proactive approach ensures that the URLs are blocked immediately, minimizing the window of opportunity for the threat to cause harm.