Modifying a Rule by using Building Blocks
Рет қаралды 3,354
Күн бұрынLink to a Box folder with a file with an index of the most recent videos, go to the last page and look for a file named Security Intelligence Tutorial, Demos & Uses Cases Version XXX.pdf
ibm.ent.box.co...
@ashoksvista446 3 жыл бұрын
Thank you
@jbravovideos 3 жыл бұрын
You're welcome
@just_tin_tin6448 2 жыл бұрын
After upgrade from 7.3.3 to 7.5 our rule/building block editing does not allow any changes to existing rules. You can open wizzard, but cannot add any new logical conditions. Any suggestions?
@jbravovideos 2 жыл бұрын
I have no idea, contact support please
@just_tin_tin6448 2 жыл бұрын
@@jbravovideos Fixed. Needed newest updates 1-2 and interm fixes. This problem was known for IBM apparently.
@jambulo 3 жыл бұрын
So what is the preferred method for tuning out False Positives? There's a few options that I'm aware of(tuning using the Use Case Manager, using the "False Positive" button, using the False Positive building block, and then this method).
@jbravovideos 3 жыл бұрын
My advise: Never us the false positive button. Disable the rule as a last resource.
@jbravovideos 3 жыл бұрын
The idea of this video is to show one way of tuning the rule.
@ahmedessam5518 3 жыл бұрын
Hi Jose, can I use your videos as a first material to learn Qradar? Or are they advanced and I should go through a basic course first?
@jbravovideos 3 жыл бұрын
Please go to any of my videos, and the video description there is a link to a public Box folder in it you will find a pdf, in it there is a well organized list of all the videos. Please try it.....
@ahmedessam5518 3 жыл бұрын
@@jbravovideos Found it 'Security Intelligence Tutorial, Demos & Uses Cases Version 302'. Thank you for taking the time to organize your videos so that beginners can make the most of it.
@vinyldown8490 Жыл бұрын
thank you
@jbravovideos Жыл бұрын
You're welcome
Один день
Рет қаралды 138 М.
Wes Roth
Рет қаралды 321 М.