Question
A security analyst is reviewing the logs from an NGFW's automated correlation engine and sees the following:
| Match time | Object name | Source address | Summary |
|---|---|---|---|
| 2019-07-23 10:14:33 | Possible beacon detection | 10.202.10.89 | Host is generating unknown TCP or UDP network traffic |
| 2019-07-23 10:14:52 | Possible beacon detection | 10.202.88.88 | Host is generating unknown TCP or UDP network traffic |
| 2019-07-23 10:19:12 | Potential C2 communication detected | 10.202.55.3 | Host repeatedly visited malware domains (100) |
| 2019-07-23 10:21:21 | Compromised asset | 10.202.100.12 | Host is compromised based on a sequence of recent threat log activity |
| 2019-07-23 10:30:37 | Possible beacon detection | 10.202.123.99 | Host is generating unknown TCP or UDP network traffic |
| 2019-07-23 10:32:03 | Possible beacon detection | 10.202.44.107 | Host visited known malware URL (15) |
Which of the following should the analyst perform FIRST?
- Isolate the compromised host from the network
- Clear the logs and see if the same events reoccur
- Set up an alert to receive an email notification for all events
- Refresh the URL filtering database to ensure accuracy
- Set up a packet capture to analyze the unknown TCP and UDP traffic
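The triage the question is asking for can be made mechanical. The script below is an added example, not part of the original question or its solution: it parses a constructed copy of the six correlation rows above, ranks them by an assumed severity order (a confirmed "Compromised asset" outranks "Potential C2 communication detected", which outranks a "Possible beacon detection"), breaks ties on the hit count in parentheses, and reports which host the first action should target. The severity table, the `Event` class and the `first_action` helper are assumptions made for this illustration; the engine's own object names are used as written on the page.

```python
import re
from dataclasses import dataclass

# Constructed copy of the correlation-engine rows from the question
# (embedded sample input, not a live feed), in "time | object | source | summary" layout.
CORRELATION_LOG = """\
2019-07-23 10:14:33 | Possible beacon detection | 10.202.10.89 | Host is generating unknown TCP or UDP network traffic
2019-07-23 10:14:52 | Possible beacon detection | 10.202.88.88 | Host is generating unknown TCP or UDP network traffic
2019-07-23 10:19:12 | Potential C2 communication detected | 10.202.55.3 | Host repeatedly visited malware domains (100)
2019-07-23 10:21:21 | Compromised asset | 10.202.100.12 | Host is compromised based on a sequence of recent threat log activity
2019-07-23 10:30:37 | Possible beacon detection | 10.202.123.99 | Host is generating unknown TCP or UDP network traffic
2019-07-23 10:32:03 | Possible beacon detection | 10.202.44.107 | Host visited known malware URL (15)
"""

# Assumed severity ranking (higher = act sooner). Keys are lower-cased because
# the engine output mixes "Detection" and "detection" for the same object.
SEVERITY = {
    "compromised asset": 3,
    "potential c2 communication detected": 2,
    "possible beacon detection": 1,
}


@dataclass
class Event:
    time: str
    obj: str
    src: str
    summary: str
    hits: int  # number in parentheses in the summary, 0 when absent

    @property
    def severity(self) -> int:
        # Unknown object names fall to the bottom rather than raising.
        return SEVERITY.get(self.obj.lower(), 0)


def parse(text: str) -> list:
    """Split pipe-delimited correlation rows into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, obj, src, summary = [f.strip() for f in line.split("|")]
        m = re.search(r"\((\d+)\)", summary)
        hits = int(m.group(1)) if m else 0
        events.append(Event(time, obj, src, summary, hits))
    return events


def triage(events: list) -> list:
    """Order events: highest severity first, then most hits, then earliest time."""
    return sorted(events, key=lambda e: (-e.severity, -e.hits, e.time))


def first_action(events: list) -> tuple:
    """Return (action, host) for the top-ranked event.

    A confirmed compromise is contained first; anything less certain is
    investigated (packet capture, URL checks) before containment.
    """
    top = triage(events)[0]
    if top.severity == SEVERITY["compromised asset"]:
        return ("isolate", top.src)
    return ("investigate", top.src)


if __name__ == "__main__":
    ranked = triage(parse(CORRELATION_LOG))
    for e in ranked:
        print(f"{e.severity} {e.src:<14} {e.obj} ({e.hits})")
    print("first action:", first_action(ranked))
```

Sorting on the raw timestamp string works only because every row uses the same `YYYY-MM-DD HH:MM:SS` layout; a real feed spanning formats or time zones should parse the timestamps first.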