🔥 3-day streak
Professional Security Operations Engineer126 / 241
Question 126 of 241
A SOC using Google SecOps SOAR receives a burst of 40 separate alerts within 15 minutes, all referencing brute-force login attempts against the same set of externally facing VPN accounts from a shared range of source IPs. Analysts are opening a new case for each alert, causing duplicated investigation effort and inconsistent response actions. As the SecOps engineer, what is the most effective way to improve triage efficiency for this recurring pattern?
Reviewed for accuracy · Report an issueNext question