A task is set up to identify events that were missed by the Custom Rule Engine. Which two (2) types of events does an analyst look for?
To identify events that the Custom Rule Engine (CRE) in IBM Security QRadar SIEM never evaluated or could not match, an analyst looks for two types of events: 'Log Only' events sent to a Data Store, and events whose High Level Category is 'Unknown'. Log Only (Data Store) events are written to storage by a routing rule without ever passing through the CRE, so no custom rule can fire on them regardless of their content. High Level Category Unknown events did reach the CRE but were not mapped to a known QRadar event category, so rules that key on a category or QID do not match them. Reviewing both classes lets the analyst catch incidents the rule set silently skipped, and shows where routing rules or DSM mappings need adjusting so that future events are processed and categorized correctly.
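As an added illustration (not from the original page and not QRadar's own code or schema), the toy pipeline below models why the two event classes named in the answer never trigger custom rules, and how an analyst would pull them out of an event export for review. The `Event` and `Rule` classes, the field names, the rule definitions and the sample events are all constructed for this example; a category-keyed rule engine stands in for the CRE, and the `routed_to_cre` flag stands in for a routing rule's Log Only / Data Store action.

```python
# Added example: a constructed model of a SIEM pipeline, not QRadar's real API.
from dataclasses import dataclass


@dataclass
class Event:
    low_level_category: str
    high_level_category: str
    source_ip: str
    payload: str
    routed_to_cre: bool = True  # False models a routing rule "Log Only" / Data Store action


@dataclass
class Rule:
    name: str
    high_level_category: str  # the rule fires only on events in this category


# Hypothetical custom rules keyed on high-level category, as many CRE rules are.
RULES = [
    Rule("Auth brute force candidate", "Authentication"),
    Rule("Malware callback", "Malware"),
]

# Constructed sample events (not real QRadar data).
SAMPLE_EVENTS = [
    Event("Login Failure", "Authentication", "10.0.0.5", "sshd: Failed password for root"),
    Event("Trojan Detected", "Malware", "10.0.0.9", "av: trojan found"),
    # Parsed, but with no category mapping yet -> high-level category Unknown
    Event("Unknown", "Unknown", "10.0.0.7", "customapp: auth denied user=bob"),
    # Routed straight to storage by a routing rule; never reaches the CRE
    Event("Login Failure", "Authentication", "10.0.0.5",
          "sshd: Failed password for root", routed_to_cre=False),
]


def run_cre(events, rules):
    """Return (rule name, source ip) pairs for every rule that fired.

    Mimics a category-keyed rule engine: events that were not routed to the
    engine are skipped entirely, and an event only matches a rule whose
    high-level category equals its own.
    """
    fired = []
    for ev in events:
        if not ev.routed_to_cre:
            continue
        for rule in rules:
            if rule.high_level_category == ev.high_level_category:
                fired.append((rule.name, ev.source_ip))
    return fired


def find_missed_events(events):
    """Split out the two classes of events the rule engine cannot act on.

    Returns (log_only_events, unknown_category_events): the first never
    reached the engine, the second reached it but no category-keyed rule
    can match them.
    """
    log_only = [ev for ev in events if not ev.routed_to_cre]
    unknown = [ev for ev in events
               if ev.routed_to_cre and ev.high_level_category == "Unknown"]
    return log_only, unknown


if __name__ == "__main__":
    print("Rules fired:", run_cre(SAMPLE_EVENTS, RULES))
    log_only, unknown = find_missed_events(SAMPLE_EVENTS)
    for ev in log_only:
        print("bypassed the CRE (log only / data store):", ev.payload)
    for ev in unknown:
        print("unknown high-level category, no rule can match:", ev.payload)
```

Note that the fourth sample event carries exactly the same payload as the first, yet the engine never sees it: the routing decision, not the content, is what hides it. The third event is the opposite case, visible to the engine but invisible to every category-based rule until it is mapped.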