🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional108 / 124
Question 108 of 124
A cloud SOC team reports that analysts are missing genuine intrusion alerts because the SIEM generates thousands of low-value notifications per day, mostly from benign automated scaling events and expected health-check traffic. Investigation shows correlation rules were deployed with vendor defaults and never adjusted to the environment. Which action should the SOC manager prioritize to most directly address the underlying problem?
Reviewed for accuracy · Report an issueNext question