Posted By
Jan Prins
Sat October 12, 2019 08:02 AM
Found In
Egroup:
IBM Security QRadar
\
view thread
Hi, Trying to whitelist a false positive offense. In a log source there are two types of events... Event 1, signals a suspicious situation. Event 2, signals a situation as occurred from a certain machine. Now there is a similarity... If event 1 occurs and event 2 has occurred in the same ...
|