The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.
Which strategy should the administrator use to achieve this goal?
To generate the least number of alerts without completely disabling the policy, the administrator should set the Alert Disposition to Conservative. This setting prioritizes reducing the number of false positives, which will result in fewer alerts being generated.
Answer is B https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings
B. Set the Alert Disposition to Conservative to reduce false positives.
Answer is B. Set alert disposition to conservative. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings