Chapter 6: Alerts & Cases Flashcards

1
Q

What is an alert?

A

A collection of one or more logically correlated suspicious events

2
Q

What could trigger an alert?

A
  • Unexpected communication between devices
  • Upload of a new firmware version to a PLC
  • Communication deviating from the protocol specifications
3
Q

What is a Case?

A
  • A case groups related alerts together
  • Cases can be configured to automatically assign new alerts that match them
  • Case status can be changed as the investigation of the underlying problem progresses
  • Cases allow operators to focus on new threats appearing on the network, while keeping track of problems already being analyzed
4
Q

What are some of the best practices when managing cases?

A
  • Change the status of alerts after they have been investigated
  • Create customization rules that change the severity and/or status of alerts automatically
  • Proactively adjust the whitelists of the detection engines to reduce false positives (covered in upcoming chapters)
  • Create cases for known issues
  • Create additional custom filters for important events
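Worked example (added here, not from the original cards or any vendor's product): a small Python model of the event-to-alert-to-case pipeline described on cards 1 to 3 and the practices on card 4. It correlates sample events into alerts, applies a customization rule that changes severity and status, auto-assigns alerts to cases by predicate, closes a case after investigation, and applies a custom "important" filter. The sample events, IP addresses, severity values and rule predicates are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample events covering the three trigger types named on card 2.
# These are made up for the example, not output of any real sensor.
EVENTS = [
    {"type": "new_communication", "src": "10.0.1.5", "dst": "10.0.1.20", "proto": "modbus"},
    {"type": "new_communication", "src": "10.0.1.5", "dst": "10.0.1.20", "proto": "modbus"},
    {"type": "firmware_upload",    "src": "10.0.1.9", "dst": "10.0.1.20", "proto": "s7comm"},
    {"type": "protocol_violation", "src": "10.0.1.7", "dst": "10.0.1.21", "proto": "modbus"},
    {"type": "protocol_violation", "src": "10.0.1.7", "dst": "10.0.1.21", "proto": "modbus"},
]

# Assumed baseline severities (1-10) per event type; chosen for the example.
BASE_SEVERITY = {"new_communication": 3, "firmware_upload": 8, "protocol_violation": 6}


@dataclass
class Alert:
    id: int
    kind: str
    src: str
    dst: str
    proto: str
    severity: int
    status: str = "new"
    events: List[dict] = field(default_factory=list)   # the correlated events
    case_id: Optional[int] = None


@dataclass
class Case:
    id: int
    name: str
    match: Callable[[Alert], bool]   # auto-assignment predicate
    status: str = "open"
    alert_ids: List[int] = field(default_factory=list)


def correlate(events: List[dict]) -> List[Alert]:
    """Card 1: fold logically correlated events into alerts, here one alert
    per (event type, source, destination), carrying all of its events."""
    alerts: Dict[Tuple[str, str, str], Alert] = {}
    for ev in events:
        key = (ev["type"], ev["src"], ev["dst"])
        if key not in alerts:
            alerts[key] = Alert(id=len(alerts) + 1, kind=ev["type"], src=ev["src"],
                                dst=ev["dst"], proto=ev["proto"],
                                severity=BASE_SEVERITY[ev["type"]])
        alerts[key].events.append(ev)
    return list(alerts.values())


def apply_customizations(alerts: List[Alert], rules) -> List[Alert]:
    """Customization rules as (predicate, new_severity, new_status) tuples.
    First matching rule wins; None leaves that field unchanged."""
    for a in alerts:
        for pred, severity, status in rules:
            if pred(a):
                if severity is not None:
                    a.severity = severity
                if status is not None:
                    a.status = status
                break
    return alerts


def assign_to_cases(alerts: List[Alert], cases: List[Case]) -> List[Alert]:
    """Attach each unassigned alert to the first open case whose predicate matches."""
    for a in alerts:
        if a.case_id is not None:
            continue
        for c in cases:
            if c.status == "open" and c.match(a):
                a.case_id = c.id
                c.alert_ids.append(a.id)
                break
    return alerts


def set_case_status(case: Case, alerts: List[Alert], status: str) -> None:
    """Operator changes the case status after investigation; its alerts follow."""
    case.status = status
    for a in alerts:
        if a.case_id == case.id:
            a.status = status


def important(alerts: List[Alert], min_severity: int = 6) -> List[Alert]:
    """Custom filter: unhandled alerts that still need an operator's attention."""
    return [a for a in alerts if a.status == "new" and a.severity >= min_severity]


def run_pipeline():
    alerts = correlate(EVENTS)
    # Assumed: 10.0.1.9 is the engineering workstation authorised to push firmware,
    # so its uploads are down-rated and pre-acknowledged rather than silenced.
    rules = [(lambda a: a.kind == "firmware_upload" and a.src == "10.0.1.9", 2, "acknowledged")]
    apply_customizations(alerts, rules)
    cases = [
        Case(1, "Known issue: HMI 10.0.1.5 polling new tags", lambda a: a.src == "10.0.1.5"),
        Case(2, "Modbus protocol deviations",
             lambda a: a.kind == "protocol_violation" and a.proto == "modbus"),
    ]
    assign_to_cases(alerts, cases)
    set_case_status(cases[0], alerts, "closed")   # investigated and found benign
    return alerts, cases
```

Note the design choice in the customization rule: the authorised firmware upload is down-rated and acknowledged, not dropped, so the record of the upload survives for later forensics while the operator's queue (the `important` filter) only shows the unassigned Modbus protocol violation.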