Lucy is tasked with configuring alerts that are sent to system administrators. She builds a rule that can be represented in pseudocode as follows:
What threat does Lucy’s alert create?
- A DDoS that causes administrators to not be able to access systems
- A network outage
- Administrators may ignore or filter the alerts
- A memory spike
C. Availability analysis targets whether a system or service is working as expected. While a SIEM may not have direct availability analysis capabilities, reporting on when logs and other data are not received from source systems can help detect outages. Ideally, Lucy’s organization should be using a system monitoring tool that can alarm on availability issues as well as common system problems such as excessive memory, network, disk, or CPU usage.