Checking Your Understanding

Now that you have completed the lab, see if you can answer these questions.

  1. How would you explain information entropy to a colleague?

  2. When you configure entropy thresholds using the Alert Analyzer, are alerts below the threshold automatically excluded from further processing?

  3. What is the difference between using global and subset entropy thresholds in Cookbook configuration settings?

This concludes the lab.