A Snort sensor is generating many false-positive sfPortscan alerts, in which busy, trusted
hosts are flagged as the source of port sweep events. Which tuning strategy can mitigate
this problem?
A.
Apply a rule threshold.
B.
Add the host to the Ignore Scanner list.
C.
Add the host to the Ignore Scanned list.
D.
Add the host to the Watch IP list.