Developing Anomaly Detection Rules in IBM QRadar SIEM

Question & Answer

Question

Anomaly detection aims to alert to threats that are undocumented and therefore cannot be detected by methods that monitor for well defined indicators. Such threats can be detected by monitoring for an unusual volume of activities. With IBM® QRadar® SIEM, create anomaly detection rules to monitor for deviations from the baseline of expected activities.

In these exercises, you develop an anomaly detection rule of type Anomaly. It tests for the deviation of the number of events matching a grouped search from the weighted moving average. The rule fires in the exercise because the sample data spikes above the deviation percentage configured in the anomaly rule.

Duration: 45 Minutes
Follow the link in related information to view the course on the IBM Security Learning Academy

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version","Edition":" ","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Tips

Developing Anomaly Detection Rules in IBM QRadar SIEM

Question & Answer

Question

Log InLog in to view more of this document

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?