Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage?
A. Enrich the SIEM-ingested data to include all data required for triage.
B. Schedule a task to disable alerting when vulnerability scans are executing.
C. Filter all alarms in the SIEM with low severity.
D. Add a SOAR rule to drop irrelevant and duplicated notifications.