Certified SOC Analyst (CSA) — Question 9

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

Answer options

• A. /etc/ossim/reputation
• B. /etc/ossim/siem/server/reputation/data
• C. /etc/siem/ossim/server/reputation.data
• D. /etc/ossim/server/reputation.data

Correct answer: D

Explanation

The correct answer is D, as this is the designated path for the reputation IP database in OSSIM SIEM. Options A, B, and C are incorrect because they either point to non-existent directories or do not follow the correct structure used by OSSIM for storing reputation data.