🔥 3-day streak
CompTIA CySA+ (CS0-003)77 / 147
Question 77 of 147

A SOC analyst notices that a SIEM correlation rule designed to detect brute-force authentication is generating hundreds of alerts per day, nearly all of which are traced back to a single vulnerability scanner and two automated backup service accounts performing scheduled logins. Analysts are spending excessive time triaging these alerts and have begun ignoring the rule's output. Which action best improves detection efficiency while preserving the rule's security value?

Reviewed for accuracy · Report an issueNext question