🔥 3-day streak
CompTIA Security+ (SY0-701)57 / 77
Question 57 of 77

A security analyst is configuring a SIEM to detect potential brute force attacks against the organization's web application. The analyst wants to generate an alert when multiple failed login attempts from the same source IP address occur within a short time window, followed by a successful login. Which SIEM capability should the analyst primarily utilize to achieve this detection?

Reviewed for accuracy · Report an issueNext question →