A SOC manager is complaining that a scheduled alert for failed login attempts triggered 150 emails. They still want to be alerted of failed logins via email, but they want less volume of alerts. Which of the following would resolve this for the SOC manager?
To reduce the volume of alert emails for failed login attempts, the trigger can be adjusted from 'For each result' to 'Once'. This change will ensure that instead of sending an email for each failed login attempt, the alert will only trigger a single email, consolidating the information into one alert rather than multiple.
C is correct. You change the alert frequency.
C is the correct answer
Running more frequently would not decrease the emails. C is the correct answer.
c is correct
fck u its C
100% Its "C"