IBM QRadar: Use Case Manager app: Difference between revisions
No edit summary |
(→Rules) |
||
Line 7: | Line 7: | ||
: cria Rule que é disparado através do resultado de um query AQL | : cria Rule que é disparado através do resultado de um query AQL | ||
* | Testes negativos: | ||
* when the event(s) have not been detected by one or more of these log source types for this many seconds | |||
* when the event(s) have not been detected by one or more of these log sources for this many seconds | |||
* when the event(s) have not been detected by one or more of these log source groups for this many seconds | |||
* [https://community.ibm.com/community/user/security/discussion/devices-stopped-sending-events Devices stopped sending Events (Verifique o anexo DSSE.docx)] | |||
= Ver também = | = Ver também = |
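Review bot: the three "have not been detected ... for this many seconds" tests added under "Testes negativos:" have no description, while the AQL filter test just above them has an explanatory line. A short note saying when to choose log source types, log sources or log source groups would match that pattern. The added link label also points readers to an attachment (DSSE.docx) without saying what it covers, so a few words on its content would help.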
Revision as of 09:11, 15 January 2025
Rules
- when the event matches this AQL filter query
- creates a Rule that is triggered by the result of an AQL query
Negative tests:
- when the event(s) have not been detected by one or more of these log source types for this many seconds
- when the event(s) have not been detected by one or more of these log sources for this many seconds
- when the event(s) have not been detected by one or more of these log source groups for this many seconds