
Which of the following is the most likely reason for the inaccurate alerts?

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated.

Which of the following is the most likely reason for the inaccurate alerts?
A. The compute resources are insufficient to support the SIEM
B. The SIEM indexes are too large
C. The data is not being properly parsed
D. The retention policy is not properly configured

Answer: C

Explanation:

Proper parsing of data is crucial for the SIEM to accurately interpret and analyze the logs being forwarded by the log collector. If the data is not parsed correctly, the SIEM may misinterpret the logs, leading to false positives and inaccurate alerts. Ensuring that the log data is correctly parsed allows the SIEM to correlate and analyze the logs effectively, which is essential for accurate alerting and monitoring.
