IBM QRadar: Use Case Manager app: Difference between revisions
No edit summary |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
: cria Rule que é disparado através do resultado de um query AQL | : cria Rule que é disparado através do resultado de um query AQL | ||
* | Testes negativos: Esses testes acionam uma ação específica que é a geração de um novo evento, isto é, geram um novo QID com o iD do LogSource!!! | ||
* when the event(s) have not been detected by one or more of these log source types for this many seconds | |||
* when the event(s) have not been detected by one or more of these log sources for this many seconds | |||
* when the event(s) have not been detected by one or more of these log source groups for this many seconds | |||
* [https://community.ibm.com/community/user/security/discussion/devices-stopped-sending-events Devices stopped sending Events (Verifique o anexo DSSE.docx)] | |||
= Ver também = | = Ver também = | ||
Latest revision as of 09:14, 15 January 2025
Rules
- when the event matches this AQL filter query
- cria Rule que é disparado através do resultado de um query AQL
Testes negativos: Esses testes acionam uma ação específica que é a geração de um novo evento, isto é, geram um novo QID com o iD do LogSource!!!
- when the event(s) have not been detected by one or more of these log source types for this many seconds
- when the event(s) have not been detected by one or more of these log sources for this many seconds
- when the event(s) have not been detected by one or more of these log source groups for this many seconds