Hi we just discussed this issue last month in here. 42 is the answer. False pos maybe between 50 and 100 %. Two analysts should cover this. If not your tuning needs to get fixed.
------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------
Original Message:
Sent: Wed November 30, 2022 05:55 AM
From: Peoist Garmacht
Subject: SOC sizing and Offence false positive rate
Hi All,
We're busy tuning our QR7.4 deployment trying to figure out how many analysists need to be monitoring a console of 10,000EPS and what a acceptable false positive rate shoudl be.
Happy for any advice.