|
Post by account_disabled on Feb 3, 2018 3:04:13 GMT -5
Hi, Is there any way in Qradar to stop chaining of events ? for Example : Multiple Login Failures to the Same Destination preceded by Login Failures Followed By Success to the same Destination IP preceded by same username. I want to stop chain of those offense. for every rule new offense should be created. Please help. Thanks! I didn't find the right solution from the Internet. References:https://www.ibm.com/developerworks/community/forums/html/topic?id=6da341e7-c61f-484b-ac7c-cefb0a21e3cc Procurement Software Video
|
|