IBM Support

Developing Custom Rules in IBM QRadar SIEM

Question & Answer


Question

Overview

For each incoming event and flow, QRadar SIEM evaluates rules to test for indicators that suggest an attack or policy violation. In this lab, you learn how to create custom rules, building blocks, custom event properties, and a reference set to detect an example of suspicious activity.


Objectives

  • Create and use custom event properties
  • Create and use a reference set
  • Add tests to new custom rules and building blocks
  • Leverage function tests
  • Configure rule actions and responses


Duration

1 hour



Follow the link in related information to view the course on the IBM Security Learning Academy.

Answer

The Security Learning Academy is a full-service learning platform, providing various training objects and instruction options.


Document Information

Modified date:
08 June 2021

UID

ibm16209137