An analyst has created a custom property from the events for searching for critical information. The analyst also needs to reduce the number of event logs and data volume that is searched when looking for the critical information to maintain the efficiency and performance of QRadar.
Which feature should the analyst use?
An analyst is encountering a large number of false positive results. Legitimate internal network traffic contains valid flows and events which are making it difficult to identify true security incidents.
What can the analyst do to reduce these false positive indicators?
An analyst needs to find events coming from unparsed log sources in the Log Activity tab.
What is the log source type of unparsed events?
Copyright © 2021-2024 CertsTopics. All Rights Reserved
