Chat now

Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

IBM Exam C1000-162 Topic 2 Question 25 Discussion

Actual exam question for IBM's C1000-162 exam

Question #: 25
Topic #: 2

[All C1000-162 Questions]

What is an effective method to fix an event that is parsed an determined to be unknown or in the wrong QReader category/

ACreate a DSM extension to extract the category from the payload

BCreate a Custom Property to extract the proper Category from the payload

COpen the event details, select map event, and assign it to the correct category

DWrite a Custom Rule, and use Rule Response to send a new event in the proper category

Show Suggested Answer

Suggested Answer: B

The magnitude rating of an offense in QRadar is calculated based on relevance, severity, and credibility. Relevance determines the impact on the network, credibility indicates the integrity of the offense, and severity represents the level of threat. QRadar uses complex algorithms to calculate and periodically re-evaluate the offense magnitude rating.

by Jerrod at Sep 19, 2024, 02:40 AM

Limited Time Offer

25%

Off

Get Premium C1000-162 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kandis

5 days ago

Option B could work, but creating a custom property just to extract the category seems like overkill. I'd rather use a more direct approach.

upvoted 0 times

...

Latricia

12 days ago

I'd go with Option D. Writing a custom rule to handle the issue and generate a new event in the proper category seems more flexible and scalable.

upvoted 0 times

Marci

12 hours ago

I agree, writing a custom rule seems like the most effective solution.

upvoted 0 times

...

Danica

5 days ago

I think Option D is the best choice.

upvoted 0 times

...

...

Lavina

23 days ago

Option C looks like the most straightforward solution. Modifying the event mapping seems like the easiest way to reassign the category.

upvoted 0 times

Lawanda

14 hours ago

I agree, option C seems like the most efficient way to fix the event category.

upvoted 0 times

...

...

Shanice

28 days ago

I believe writing a Custom Rule and using Rule Response is the most effective way.

upvoted 0 times

...

Lavonne

1 months ago

I prefer creating a Custom Property to extract the proper Category.

upvoted 0 times

...

Elsa

1 months ago

I think creating a DSM extension is the best method.

upvoted 0 times

...

az-700 pass4success az-104 200-301 200-201 cissp 350-401 350-201 350-501 350-601 350-801 350-901 az-720 az-305 pl-300

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77

a