IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  UUID Field for Rule Limiter

    Posted Wed January 22, 2025 06:29 AM

    Hello Everyone,

    How are you?

    My name is Jonathas and this is the first time I write on this forum. If you have any observations, feel free to correct me.

    I would like to know if it is possible to create a field that serves as a UUID, where one or more fields are concatenated and then transformed into a UUID.
    I will use it in Rule Limiter because I have more granularity and control for the rule trigger.

    I looked for some function, but I don't think it exists (I think)

    Thanks in advance



    ------------------------------
    Jonathas Silva
    ------------------------------


  • 2.  RE: UUID Field for Rule Limiter

    Posted Wed January 22, 2025 08:39 AM

    Have a look at creating an AQL Custom Event Property.  Specifically, using the CONCAT() function in it.



    ------------------------------
    Paul Ford-Hutchinson
    ------------------------------

    Original Message


Related Content