When an analyst sees the system notification “The appliance exceeded the EPS or FPM allocation within the last hour”, how does the analyst resolve this issue? (Choose two.)
An analyst is encountering a large number of false positive results. Legitimate internal network traffic contains valid flows and events which are making it difficult to identify true security incidents. What can the analyst do to reduce these false positive indicators?
What is the maximum time period for 3 subsequent events to be coalesced?
An analyst needs to create a new custom dashboard to view dashboard items that meet a particular requirement. What are the main steps in the process?
What event information within an offense would provide the analyst with a deep insight as to how it was created?
Which use case type is appropriate for VPN log sources? (Choose two.)