Which of the following is part of tuning correlation searches for a new ES installation?
Which of the following is part of tuning correlation searches for a new ES installation?
Part of tuning correlation searches for a new ES installation includes configuring correlation adaptive responses. Adaptive responses are actions that can be automatically or manually triggered based on correlation search results to support incident response workflows. Properly setting these up ensures the effectiveness of correlation searches in handling security events.
B. Configuring correlation adaptive responses.
The answer is B - Splunk ES Admin Slides 230
I also think the answer is B.
Answer is C - ES Admin 7 Page 245
P: 199 "Tuning Correlation Searches"
The correct answer is B
The correct answer is B
Part of tuning correlation searches for a new Splunk Enterprise Security (ES) installation includes configuring correlation adaptive responses. Adaptive responses are actions that are automatically or manually triggered based on the results of correlation searches. Properly configuring these responses helps ensure that the correlation searches effectively support incident response workflows.