GIAC Security Leadership Certification (GSLC) — Question 8

Which SIEM feature reduces false positives?

Answer options

• A. Network extraction
• B. Event correlation
• C. Default alerting
• D. Input-driven logging

Correct answer: D

Explanation

Input-driven logging enhances the accuracy of data collection, ensuring that only relevant information is logged, which helps in reducing false positives. The other options, while important for SIEM functionality, do not specifically target the reduction of false alerts in the same manner as input-driven logging does.