Which of the following actions would not reduce the number of false positives from a correlation search?
Reducing the severity would not reduce the number of false positives from a correlation search. Severity levels are used to indicate the importance or priority of events or alerts, but they do not affect the actual detection or accuracy of the correlation search. Therefore, changing the severity level will not impact the rate of false positives.
A is correct, not B
A is correct
A is correct
A is correct
Increasing the throttling window: Throttling window defines the time period during which events are considered for correlation. Increasing the throttling window allows for a broader time range of events to be considered, which can help in better identifying true correlations and reducing false positives.
Sorry, correcting here: option A is correct. A. Reducing the severity. Reducing the severity would not directly impact the number of false positives in a correlation search. Severity is typically used to assign a level of importance or priority to events or alerts, but it doesn't affect the accuracy or false positive rate of the correlation search itself.
C. Increasing the throttling window: This option may help reduce false positives. The throttling window determines how long related events are grouped together. If the window is too short, unrelated events may be grouped together, generating false positives. If the window is too long, legitimate events may be excluded from the group. Increasing the window may allow more legitimate events to be grouped together, reducing the number of false positives.
Can someone please explain this?
A is correct
I am not sure but I think B will do the job
"not reduce"