Question 4
The Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to determine which rules are most active in generating offenses.
How would the Administrator accomplish this from the Offenses tab of the QRadar console?
A. Rules -> Group -> “Most Active Offenses”.
B. Rules -> Rules -> Offense Count to reorder the column in descending order.
C. All Offenses -> All Offenses -> Offense Count to reorder the column in descending order.
D. All Offenses -> All Offenses -> Events to reorder the column in descending order. Use the Actions menu to view the rule information for a specific offense.
Correct answer: B
Explanation:
1. Click the Offenses tab.
2. On the navigation menu, click Rules. To determine which rules are most active in generating offenses, from the rules page, click Offense Count to reorder the column in descending order.
3. Double-click any rule to display the Rule Wizard. You can configure a response to each rule.
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_tuning_guide.pdf