NOTE: It is mandatory to answer the question before proceeding to the next one.

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

 Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\w*((%27)|(’))((%6F)|o|(%4F))((%72)|r|(%52))/ix.

In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?

Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?