You implement Traffic Anomaly detection and you find numerous alerts of port scans from your
security auditing team that you want to ignore. You create an address book entry for the security
audit team specifying the IP addresses of those machines. What should you do next?
A.
Create a rule at the top of the Traffic Anomaly rule base to ignore traffic from security audit team,
and make this a terminal rule.
B.
Create a rule at the top of the Traffic Anomaly rulebase to ignore traffic from security audit team.
C.
Create a rule at the top of the IDP rulebase to ignore traffic from security audit team, and make
this a terminal rule.
D.
Create an exempt rule for the security audit team in the Exempt rulebase to ignore Traffic
Anomalies.