IBM QRadar: Rules

From Wiki
Revision as of 18:46, 19 January 2025 by Ebasso (talk | contribs) (Created page with "Uma Rule (regra) é um grupo de testes que podem desencadear uma ação se condições específicas forem atendidas. = Artigos = * [https://community.ibm.com/community/user/security/blogs/gladys-koskas1/2022/09/29/everything-you-need-to-know-about-qradar-rules Everything you need to know about QRadar Rules (for beginners and experts)] * [https://github.com/SigmaHQ/sigma (Github) Sigma - Generic Signature Format for SIEM Systems] = Exemplos = {| class="wikitable" |...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Uma Rule (regra) é um grupo de testes que podem desencadear uma ação se condições específicas forem atendidas.


Artigos

Exemplos

Header text Header text Header text
Windows Events

Apply Potential Windows Enumeration Detected and when an event matches any of the following BB: Windows Endpoint Events and when the event matches Event ID is any of 4688 and when the event matches Command (custom) any of [whoami or tasklist or system info] and NOT when the source OP is on of the following IP addresses || Example

Example Example Example
Example Example Example

Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=IBM_QRadar:_Rules&oldid=9197"