A new IDS device is generating a very large number of irrelevant events. Which of the following
would BEST remedy this problem?
A.
Change the IDS to use a heuristic anomaly filter.
B.
Adjust IDS filters to decrease the number of false positives.
C.
Change the IDS filter to data mine the false positives for statistical trending data.
D.
Adjust IDS filters to increase the number of false negatives.