IBM QRadar

Hallo everyone , case work need , I need to know all formula from Behavioral rules , but doc in website seem not to explain too much . can somebody tell me where the parameter come?

what's it meaning for those parameter?

hope someone can kindly help ,there're url https://www.ibm.com/docs/en/qsip/7.4?topic=rules-anomaly-detection

thanks

Hi,

What do you mean by all formula from Behavioral rules?

In the link which you have share, Table 1. Behavioral rule test definitions contains the description for each of the parameter.

Parameter does come from your environment as Anomaly detection rules test the results of saved flow or events searches. Meaning, you need to create a saved search and on top of that you can only create ADE rules. And whatever parameter you define, that is going to come from your saved search data.

Thanks for your reply.

Since English is not my native language, I am confused about some nouns, such as the following statement "B is the base value for interval n"

Is interval different from season?

Is n meaning serial number?

Is Tn+1-s meaning last season's No. n+1 T ?

and all this 、Fn+1 、 Bn 、 Tn 、 Tn+1-s 、 Dn+1-s come from my environment?

And I want calculated base value need Tn but calculated need Bn , it confuse me.

Finally, thank you again for your response, and thank you for taking the time to understand my problem