When might a Security Analyst want to review the payload of an event?
When might a Security Analyst want to review the payload of an event?
A . When immediately after login, the dashboard notifies the analyst of payloads that must be investigated
B . When “Review payload” is added to the offense description automatically by the “System: Notification” rule
C . When the event is associated with an active offense, the payload may contain information that is not normalized or extracted fields
D . When the event is associated with an active offense with a magnitude greater than 5, the payload should be reviewed, otherwise it is not necessary
Answer: C
Subscribe
Login
0 Comments
Inline Feedbacks
View all comments