
IBM Exam C1000-162 Topic 2 Question 25 Discussion

Actual exam question for IBM's C1000-162 exam
Question #: 25
Topic #: 2

What is an effective method to fix an event that is parsed and determined to be unknown or in the wrong QRadar category?

Suggested Answer: B

The magnitude rating of an offense in QRadar is calculated based on relevance, severity, and credibility. Relevance determines the impact on the network, credibility indicates the integrity of the offense, and severity represents the level of threat. QRadar uses complex algorithms to calculate and periodically re-evaluate the offense magnitude rating.


Contribute your Thoughts:

Tatum
4 days ago
I bet the developers who came up with these options were having a laugh. 'Let's see if they can figure out the sane one!'
upvoted 0 times
...
Dean
5 days ago
Hmm, I wonder if there's an 'E) Summon the QReader gods and offer them a sacrifice' option hidden somewhere.
upvoted 0 times
...
Yolando
8 days ago
Option A? Really? Creating a whole DSM extension for this? That's like using a sledgehammer to crack a nut.
upvoted 0 times
...
Kandis
21 days ago
Option B could work, but creating a custom property just to extract the category seems like overkill. I'd rather use a more direct approach.
upvoted 0 times
Lindsey
2 days ago
C) Open the event details, select map event, and assign it to the correct category
upvoted 0 times
...
Dylan
10 days ago
A) Create a DSM extension to extract the category from the payload
upvoted 0 times
...
...
Latricia
28 days ago
I'd go with Option D. Writing a custom rule to handle the issue and generate a new event in the proper category seems more flexible and scalable.
upvoted 0 times
Julio
8 days ago
I prefer creating a Custom Property to extract the proper Category.
upvoted 0 times
...
Stephaine
9 days ago
Creating a DSM extension could work too.
upvoted 0 times
...
Marci
16 days ago
I agree, writing a custom rule seems like the most effective solution.
upvoted 0 times
...
Danica
20 days ago
I think Option D is the best choice.
upvoted 0 times
...
...
Lavina
1 month ago
Option C looks like the most straightforward solution. Modifying the event mapping seems like the easiest way to reassign the category.
upvoted 0 times
Jolene
10 days ago
I think creating a Custom Property could also work well to extract the correct category.
upvoted 0 times
...
Lawanda
16 days ago
I agree, option C seems like the most efficient way to fix the event category.
upvoted 0 times
...
...
Shanice
1 month ago
I believe writing a Custom Rule and using Rule Response is the most effective way.
upvoted 0 times
...
Lavonne
2 months ago
I prefer creating a Custom Property to extract the proper Category.
upvoted 0 times
...
Elsa
2 months ago
I think creating a DSM extension is the best method.
upvoted 0 times
...
