Valid Security-Operations-Engineer Dumps shared by EduDump.com for Helping Passing Security-Operations-Engineer Exam! EduDump.com now offer the newest Security-Operations-Engineer exam dumps, the EduDump.com Security-Operations-Engineer exam questions have been updated and answers have been corrected get the newest EduDump.com Security-Operations-Engineer dumps with Test Engine here:
A Google Security Operations (SecOps) detection rule is generating frequent false positive alerts. The rule was designed to detect suspicious Cloud Storage enumeration by triggering an alert whenever the storage.objects.list API operation is called using the api.operation UDM field. However, a legitimate backup automation tool that uses the same API, causing the rule to fire unnecessarily. You need to reduce these false positives from this trusted backup tool while still detecting potentially malicious usage. How should you modify the rule to improve its accuracy?
Correct Answer: A
The most accurate way to reduce false positives is to exclude the known trusted backup automation account by adding a condition such as principal.user.email != "backup- [email protected]". This keeps the rule active for all other accounts, ensuring you still detect suspicious or malicious Cloud Storage enumeration while preventing unnecessary alerts from legitimate automation.