How can an analyst search for all events that include the keyword "access"?

A. Go to the Network Activity tab and run a quick search with the "access" keyword.
B. Go to the Log Activity tab and run a quick search with the "access" keyword.
C. Go to the Offenses tab and run a quick search with the "access" keyword.
D. Go to the Log Activity tab and run this AQL: select * from events where eventname like 'access'.

Answer: B

Explanation:

In IBM Security QRadar SIEM V7.5, to search for all events containing a specific keyword such as "access", an analyst should navigate to the "Log Activity" tab. This section of the QRadar interface is dedicated to viewing and analyzing log data collected from various sources. By running a quick search with the "access" keyword in the Log Activity tab, the analyst can narrow the view to events that contain this term in any part of the log data. This functionality is crucial for identifying specific activities or incidents within the vast amounts of log data QRadar processes, allowing analysts to quickly home in on relevant information for further investigation or action.
