A security analyst notices that the number of failed login attempts has significantly increased over the past week. The SIEM alerts are not being triggered because the threshold was set too high. What is the MOST effective immediate action to improve monitoring?
- A. Implement a new authentication system with biometrics.
  Why wrong: Too costly and time-consuming for immediate action.
- B. Lower the threshold for failed login alerts in the SIEM.
  Correct: Directly fixes the issue of missed alerts.
- C. Enable all SIEM rules to capture every event.
  Why wrong: Causes alert fatigue and operational overload.
- D. Review logs manually each day to identify anomalies.
  Why wrong: Manual review is not scalable and may miss events.