The Use Case Manager app has an option to see MITRE heat map.
Which two (2) factors are responsible for the different colors in MITRE heat map?
When an analyst is investigating an offense, what is the property that specifies the device that attempts to breach the security of a component on the network?
An analyst runs a search with correct AQL, but no errors or results are shown.
What is one reason this could occur?
New vulnerability scanners are deployed in the company's infrastructure and generate a high number of offenses. Which function in the Use Case Manager app does an analyst use to update the list of vulnerability scanners?
Which type of rule requires a saved search that must be grouped around a common parameter?
When searching for all events related to "Login Failure", which parameter should a security analyst use to filter the events?
Which two (2) values are valid for the Offense Type field when a search is performed in the My Offenses or All Offenses tabs?
Which two (2) aggregation types are available for the pie chart in the Pulse app?
Which QRadar component provides the user interface that delivers real-time flow views?
What right-click menu option can an analyst use to find information about an IP or URL?
What happens when you select "False Positive" from the right-click menu in the Log Activity tab?
Which two (2) options are at the top level when an analyst right-clicks on the Source IP or Destination IP that is associated with an offense at the Offense Summary?
Which parameter should be used if a security analyst needs to filter events based on the time when they occurred on the endpoints?
What is the benefit of using default indexed properties for searching in QRadar?
Which two (2) types of data can be displayed by default in the Application Overview dashboard?
A Security Analyst was asked to search for an offense on a specific day. The requester was not sure of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.
Which filters can the Security Analyst use to search for the information requested?
What type of custom property should be used when an analyst wants to combine extraction-based URLs, virus names, and secondary user names into a single property?
Which two (2) components are necessary for generating a report using the QRadar Report wizard?
A new log source was configured to send events to QRadar to help detect a malware outbreak. A security analyst has to create an offense based on properties from this payload but not all the information is parsed correctly.
What is the sequence of steps to ensure that the correct information is pulled from the payload to use in a rule?