Post by account_disabled on Feb 3, 2018 3:04:13 GMT -5
Hi,
Is there any way in Qradar to stop chaining of events ?
for Example : Multiple Login Failures to the Same Destination
preceded by Login Failures Followed By Success to the same Destination IP preceded by same username.
I want to stop chain of those offense.
for every rule new offense should be created.
Please help.
Thanks!
I didn't find the right solution from the Internet.
References:https://www.ibm.com/developerworks/community/forums/html/topic?id=6da341e7-c61f-484b-ac7c-cefb0a21e3cc
Procurement Software Video
Is there any way in Qradar to stop chaining of events ?
for Example : Multiple Login Failures to the Same Destination
preceded by Login Failures Followed By Success to the same Destination IP preceded by same username.
I want to stop chain of those offense.
for every rule new offense should be created.
Please help.
Thanks!
I didn't find the right solution from the Internet.
References:https://www.ibm.com/developerworks/community/forums/html/topic?id=6da341e7-c61f-484b-ac7c-cefb0a21e3cc
Procurement Software Video