What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?

An event is happening regularly and frequently; each event indicates the same target username. There is a rule configured to test for this event which has a rule action to create an offense indexed on the username.

What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?
A. Each matching event will be tagged with the Rule name, but only one Offense will be created.
B. Each matching event will cause a new Offense to be created and will be tagged with the Rule name.
C. Events will be tagged with the rule name as long as the Rule Response limiter is satisfied. Only one offense will be created.
D. Each matching event will be tagged with the Rule name, and an Offense will be created if the event magnitude is greater than 6.

Answer: C
