An analyst investigates an Offense that will need more research to outline what has occurred. The analyst marks a ‘Follow up’ flag on the Offense. What happens to the Offense after it is tagged with a ‘Follow up’ flag?
An analyst noticed that from a particular subnet (203.0.113.0/24), all IP addresses are simultaneously trying to reach out to the company’s publicly hosted FTP server. The analyst also noticed that this activity has resulted in a Type B Superflow on the Network Activity tab. Under which category should the analyst report this issue to the security administrator?
An analyst is investigating an Offense and has found that a firewall appears to be misconfigured and has permitted traffic to pass that should have been prevented. As part of the firewall rule change process, the analyst needs to send the Offense details to the firewall team to demonstrate that the firewall permitted traffic that should have been blocked. How would the analyst send the Offense summary to an email mailbox?
Which statement about False Positive Building Blocks applies? Using False Positive Building Blocks:
An auditor has requested a report for all Offenses that have happened in the past month. This report generates at the end of every month, but the auditor needs to have it for a meeting that is in the middle of the month. What will happen to the scheduled report if the analyst manually generates this report?
Which use case type is appropriate for VPN log sources? (Choose two.)