Securing Networks with Cisco Firepower | Reduce Low Priority Intrusion Drop Events | Cisco Exam 300-710-SNCF

Reduce Low Priority Intrusion Drop Events

Question

The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop events, which are overshadowing high priority events.

An engineer has been tasked with reviewing the policies and reducing the low priority events.

Which action should be configured to accomplish this task?

Answers

Explanations


A. B. C. D.

B.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/working_with_intrusion_events.html

In this scenario, the engineer is tasked with reducing low priority intrusion drop events in the Cisco FMC event dashboard to better highlight high priority events. To accomplish this, the engineer should configure the system to drop and generate events.

When an intrusion event is detected by Cisco FMC, the system has several options for handling the event. The options include dropping the packet, generating an event, dropping the connection, or dropping and generating an event.

If the engineer chooses to drop the packet, it means that the system will discard the packet entirely without generating any event. This option is not suitable for the current situation since the engineer wants to reduce low priority events, not eliminate them altogether.

If the engineer chooses to generate events, the system will create an event and log it in the event dashboard. This option may help reduce the number of low priority intrusion drop events, but it does not prevent them from occurring.

If the engineer chooses to drop the connection, the system will terminate the connection and generate an event. This option is useful when the system detects malicious activity that could affect the entire network. However, it does not help to reduce low priority events.

Therefore, the best option for the engineer is to configure the system to drop and generate events. This option will drop the packet, discard the event, and generate a new event with lower priority. This way, the engineer can reduce the number of low priority events in the event dashboard while still capturing the information for future analysis.

In summary, the correct answer is D, drop and generate.