A security analyst receives an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can the analyst use to review a timeline of the login attempts, locations, and time of activity? A. A network protocol analyzer (packet sniffer)
B. An operating system
C. A playbook
D. A SIEM tool dashboard
The correct answer is D. A SIEM tool dashboard.
A Security Information and Event Management (SIEM) tool provides real-time analysis of security alerts generated by applications and network hardware. It collects and aggregates logged data from multiple sources, allowing analysts to review timelines of login attempts, geographic locations, and the times of activity effectively. This makes it the best choice for monitoring suspicious login behaviors in this scenario.