What is the appropriate action to take?

You implement Traffic Anomaly detection and you find numerous alerts of
portscans from your Security Auditing team that you want to ignore. What is the appropriate action
to take?

A. Create a rule on top of Traffic Anomaly rulebase to ignore traffic from “Security Audit Team”

B. Create a rule on top of Main rulebase to ignore traffic with “from the Security Audit Team” and make this a Terminal rule

C. Create a rule on top of Traffic Anomaly rulebase to ignore traffic with a “from the Security Audit Team” and make this a Terminal rule

D. Create an Exempt rule for the Security Audit team in the Exempt to ignore Traffic Anomalies


