What happens when you select "False Positive" from the right-click menu in the Log Activity tab?
What type of building blocks would you use to categorize assets and server types into CIDR/IP ranges to exclude or include entire asset categories in rule tests?
Many offenses are generated, and an analyst confirms that they match some kind of vulnerability scanning. Which building block group needs to be updated to include the source IP of the vulnerability assessment (VA) scanner so that fewer of these offenses are generated?
An analyst wants to run an AQL search in QRadar. Which two (2) tabs can be used to do this?
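As an added illustration of the kind of AQL search the last question refers to (this is not part of the original question set), the query below is what an analyst might type into the Advanced Search box to check whether a flood of offenses really comes from a single scanning host before tuning anything. The IP address 10.20.30.40 is an assumed VA scanner address, not one taken from the questions.

```sql
-- Added AQL example; 10.20.30.40 is an assumed VA scanner source IP.
-- Summarise what that host has been sending in the last 24 hours, grouped by
-- destination, event name and log source, so scan-like patterns are obvious.
SELECT
    sourceip,
    destinationip,
    QIDNAME(qid) AS event_name,
    LOGSOURCENAME(logsourceid) AS log_source,
    COUNT(*) AS event_count
FROM events
WHERE sourceip = '10.20.30.40'
GROUP BY sourceip, destinationip, qid, logsourceid
ORDER BY event_count DESC
LIMIT 50
LAST 24 HOURS
```

If the result is many destinations with a small number of events each and event names typical of probing, the traffic is consistent with a scanner, and the correct fix is to add the source IP to the appropriate host-definition building block rather than to flag each offense individually.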