How is an incident defined in MARS?

How is an incident defined in MARS?

How is an incident defined in MARS?

A.
a raw message sent to the MARS via syslog, SNMP, or NetFlow by the reporting devices

B.
a series of events that is correlated to represent a single occurrence using related information within a given timeframe

C.
a series of events that triggered a defined rule in the system

D.
a series of behaviors in a session that describe an anomaly, worm, or virus



Leave a Reply 0

Your email address will not be published. Required fields are marked *