A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?
A) Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
B) Inform the user by enabling an automated email response when the rule is triggered.
C) Inform the incident response team by enabling an automated email response when the rule is triggered.
D) Create an automation script for blocking URLs on the firewall when the rule is triggered.

Question

Quizplus · Accepted Answer

The Answer of A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?
A) Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
B) Inform the user by enabling an automated email response when the rule is triggered.
C) Inform the incident response team by enabling an automated email response when the rule is triggered.
D) Create an automation script for blocking URLs on the firewall when the rule is triggered.

A SOC Team Receives Multiple Alerts by a Rule That