An analyst notices repeated failed SSH attempts from an external IP to a server. The analyst wants to quickly see all SSH-related events from that IP in the last hour. Which approach is most efficient?
Select one:
Cisco often tests the distinction between centralized log analysis (SIEM) and raw data inspection (p...