When might a Security Analyst want to review the payload of an event?

When might a Security Analyst want to review the payload of an event?
A . When immediately after login, the dashboard notifies the analyst of payloads that must be investigated
B . When “Review payload” is added to the offense description automatically by the “System: Notification” rule
C . When the event is associated with an active offense, the payload may contain information that is not normalized or extracted fields
D . When the event is associated with an active offense with a magnitude greater than 5, the payload should be reviewed, otherwise it is not necessary

View Answer

Answer: C