A penetration tester was able to connect to a company’s internal network and perform scans and staged attacks for the duration of the testing period without being noticed. The SIEM did not alert the security team to the presence of the penetration tester’s devices on the network.
Which of the following would provide the security team with notification in a timely manner?
A . Implement rogue system detection and sensors
B . Create a trigger on the IPS and alert the security team when unsuccessful logins occur
C . Decrease the correlation threshold for alerts on the SIEM
D . Run a credentialed vulnerability scan
Answer: A