IBM Security QRadar

Expand all | Collapse all

Rule test not working

  • 1.  Rule test not working

    Posted Mon September 14, 2020 01:43 PM
    Hi All,

    I have a rule configured as below:

    Apply Rule Name on events which are detected by Global system
    AND when an event matches one of the following CONDITION A
    AND when none of the following CONDITION B matches in 5 minutes after CONDITION A matches for same Property1 

    Even if the condition B is matching within 5 minutes after Condition A, an offense is triggering. Am I missing something in the rule tests or Is my understanding of rule test is incorrect?

    Any help on this is well appreciated. Thank you very much.

    ------------------------------
    Sivachandu Gudivada
    ------------------------------


  • 2.  RE: Rule test not working

    Posted 10 days ago
    Hello Sivachandu,

    I would like to answer your question but, as Condition A, Condition B and Property1 are integral parts of the rule. No proper answer can be given without this information.

    Regards,
    Thijs

    ------------------------------
    THIJS VILLEVOIJE
    ------------------------------