Jump to content

Wiki

Toggle the table of contents

IBM QRadar: Use Case Manager app

From Wiki

Revision as of 09:11, 15 January 2025 by Ebasso (talk | contribs) (→‎Rules)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

QRadar Use Case Manager app

Rules

when the event matches this AQL filter query

cria Rule que é disparado através do resultado de um query AQL

Testes negativos:

when the event(s) have not been detected by one or more of these log source types for this many seconds
when the event(s) have not been detected by one or more of these log sources for this many seconds
when the event(s) have not been detected by one or more of these log source groups for this many seconds

Devices stopped sending Events (Verifique o anexo DSSE.docx)

Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=IBM_QRadar:_Use_Case_Manager_app&oldid=9180"

IBM QRadar