Unit - 05 - Cyber Notes
Use: CVSS scores help prioritize remediation efforts and allocate resources
to the most critical vulnerabilities.
Evaluating Alerts
Definition: Evaluating alerts involves analyzing security alerts generated
by various tools to determine if they represent a real threat or a false
alarm.
Steps in Evaluation:
1. Alert Triage: Sorting alerts based on severity and relevance.
2. Contextual Analysis: Investigating the context of the alert,
including the affected system, the source of the alert, and any
recent network activity.
3. False Positive Reduction: Identifying and filtering out non-threatening
alerts to reduce noise and focus on actual threats.
4. Incident Response: If the alert indicates a real threat, the security
team initiates the incident response process to mitigate the issue.
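The four steps above, together with the CVSS prioritisation mentioned earlier in these notes, as one worked example. This is an added illustration and not code from the notes or from any SIEM product; the alert records, asset context table and known-false-positive list are constructed sample data, the escalation rule in step 4 is a hypothetical policy, and only the CVSS v3 qualitative severity bands (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0) are taken from the published standard.

```python
"""Alert evaluation pipeline: triage, contextual analysis, false positive
reduction, and an incident-response decision (added example)."""
from dataclasses import dataclass, field


def cvss_severity(score: float) -> str:
    """Map a CVSS v3 base score to its published qualitative severity band."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}


@dataclass
class Alert:
    alert_id: str
    rule: str          # detection rule that fired
    host: str          # affected system
    source: str        # tool that raised the alert (ids, waf, siem, ...)
    cvss: float        # CVSS score of the vulnerability the rule maps to (0.0 if none)
    context: dict = field(default_factory=dict)


# Constructed asset inventory (hypothetical hosts and attributes).
ASSET_CONTEXT = {
    "db-01": {"criticality": "high", "internet_facing": False},
    "web-03": {"criticality": "high", "internet_facing": True},
    "dev-laptop-7": {"criticality": "low", "internet_facing": False},
}

# Constructed allow-list of (rule, host) pairs previously investigated and
# documented as benign, e.g. an authorised scanner running from that host.
KNOWN_FALSE_POSITIVES = {("port-scan", "dev-laptop-7")}


def triage(alerts):
    """Step 1: order alerts by severity band, then raw CVSS, most urgent first."""
    return sorted(alerts,
                  key=lambda a: (SEVERITY_RANK[cvss_severity(a.cvss)], a.cvss),
                  reverse=True)


def enrich(alert):
    """Step 2: attach context about the affected system to the alert."""
    default = {"criticality": "unknown", "internet_facing": False}
    alert.context.update(ASSET_CONTEXT.get(alert.host, default))
    return alert


def is_false_positive(alert):
    """Step 3: drop alerts matching a documented benign pattern."""
    return (alert.rule, alert.host) in KNOWN_FALSE_POSITIVES


def evaluate(alerts):
    """Run all four steps. Returns (decisions, suppressed_ids) where each
    decision is (alert_id, severity, action)."""
    decisions, suppressed = [], []
    for alert in triage(alerts):
        enrich(alert)
        if is_false_positive(alert):
            suppressed.append(alert.alert_id)
            continue
        # Step 4 (hypothetical policy): High/Critical always goes to incident
        # response; Medium does so only on a high-criticality or exposed asset.
        sev = cvss_severity(alert.cvss)
        exposed = (alert.context["criticality"] == "high"
                   or alert.context["internet_facing"])
        escalate = sev in ("High", "Critical") or (sev == "Medium" and exposed)
        decisions.append((alert.alert_id, sev,
                          "incident_response" if escalate else "monitor"))
    return decisions, suppressed


# Constructed sample alerts, not output of any real tool.
SAMPLE_ALERTS = [
    Alert("A-1", "port-scan", "dev-laptop-7", "ids", 3.1),
    Alert("A-2", "sqli-attempt", "web-03", "waf", 9.8),
    Alert("A-3", "weak-cipher", "db-01", "vuln-scanner", 5.3),
    Alert("A-4", "failed-login-burst", "dev-laptop-7", "siem", 4.0),
]

if __name__ == "__main__":
    decisions, suppressed = evaluate(SAMPLE_ALERTS)
    for alert_id, sev, action in decisions:
        print(f"{alert_id}: {sev:8} -> {action}")
    print("suppressed as known false positives:", suppressed)
```

Running the sample sends A-2 (Critical) and A-3 (Medium, but on a high-criticality database) to incident response, leaves A-4 on a low-value laptop in monitoring, and suppresses A-1 because that scan pattern from that host is already documented as benign. In practice the allow-list and asset table would come from the SIEM's asset and case data rather than being hard-coded.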
Tools: Security Information and Event Management (SIEM) platforms like
Splunk, IBM QRadar, or ArcSight provide tools for managing and analyzing
alerts.