An analyst had been researching an Offense that has now disappeared from the active Offense list.
What is the period of time that has to pass before an active Offense that receives no new contributing events or flows become inactive?
An offense remains in a dormant state for 5 days. If an event is added while an offense is dormant, the five-day counter is reset.
An analyst has to perform an export of events within a timeframe, but not all the columns are present in the log view for the time period the analyst has selected. The analyst only needs specific columns exported for an external analysis.
How can the analyst accomplish this task?
Where can an analyst working with Offenses add a regular expression test into an existing rule?
The graph below shows a time series of a value. A rule has been created which will trigger at the indicated point.
Which type of QRadar rule has been used?
