IBM Support

How to update the QRadar network hierarchy to prevent false positive offenses

Question & Answer


Question

IBM QRadar SIEM alerts you to suspicious activity by creating offenses. An offense contains and links to information that helps you investigate it, such as events, flows, and asset profiles. Many offenses turn out to be false positives, and some false positives can be prevented by properly tuning the QRadar configuration.

The QRadar network hierarchy can cause false positives if it does not completely reflect which IP address ranges are local.

In this video, you learn how to change the network hierarchy based on the conclusion that an offense is a false positive.



Duration: 9 Minutes
Follow the link in related information to view the course on the IBM Security Learning Academy.

Answer

The Security Learning Academy is a full service learning platform, providing various training objects and instruction options.


Document Information

Modified date:
11 December 2020

UID

ibm11094944