An organization has implemented a SIEM solution and wants to reduce false positives. Which of the following is the most effective approach?
Tuning allows the SIEM to ignore patterns that are known to be non-malicious.
Why this answer
Option C is correct because tuning correlation rules based on known false-positive patterns reduces noise. Option A is wrong because increasing log sources may introduce more noise. Option B is wrong because lowering thresholds may increase false positives. Option D is wrong because manually verifying all alerts is inefficient and does not reduce false positives.