An analyst needs to find all events that created offenses triggered by rules whose name contains the word suspicious.
Which query can the analyst use as a working sample?
A. SELECT LOGSOURCENAME(logsourceid), * from events where RULENAME(creeventlist) ILIKE '%suspicious%'
B. SELECT LOGGEDOFFENSE(logsourceid), * from offense_events where RULENAME(creeventlist) ILIKE '%suspicious%'
C. SELECT LOGSOURCETYPE(logsourceid), * from log_events where RULENAME(creeventlist) ILIKE '%suspicious%'
D. SELECT LOGSOURCERULES(logsourceid), * from rule_events where RULENAME(creeventlist) ILIKE '%suspicious%'
Answer: A
Explanation:
AQL searches run against the events and flows tables, so events is the only valid table among the four options; offense_events, log_events and rule_events do not exist. The creeventlist field holds the IDs of the custom rules that matched the event, RULENAME() resolves those IDs to rule names, and ILIKE '%suspicious%' matches the name case-insensitively. LOGSOURCENAME(logsourceid) resolves the numeric log source ID to its display name. LOGGEDOFFENSE() in option B and LOGSOURCERULES() in option D are not AQL functions.
Reference: https://www.ibm.com/docs/en/qradar-on-cloud?topic=searches-advanced-search-options
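The query in option A returns every matching event row but does not restrict the result to events that actually created an offense, nor does it bound the time range. The following AQL is an added worked example, not part of the original question or of IBM's documentation; it assumes hasOffense is the event property that flags offense-creating events (treat that name as an assumption to verify against your QRadar version) and summarises the matches per rule and log source over the last day.

```sql
-- Added example (not from the original page): offense-creating events matched by
-- any rule whose name contains "suspicious", summarised per rule and log source.
-- hasOffense is assumed to be the AQL boolean event property for offense creation.
SELECT
    RULENAME(creeventlist)      AS rule_name,     -- rule IDs resolved to names
    LOGSOURCENAME(logsourceid)  AS log_source,    -- log source ID resolved to name
    COUNT(*)                    AS event_count,
    MIN(starttime)              AS first_seen,    -- epoch ms of earliest match
    MAX(starttime)              AS last_seen      -- epoch ms of latest match
FROM events
WHERE hasOffense = 'true'                          -- assumed property, see lead-in
  AND RULENAME(creeventlist) ILIKE '%suspicious%'  -- case-insensitive name match
GROUP BY rule_name, log_source
ORDER BY COUNT(*) DESC
LIMIT 50
LAST 24 HOURS                                      -- AQL time clause goes last
```

Drop the hasOffense predicate to get back to the broader "all events matched by a suspicious rule" result of option A; keep the LAST clause, because an unbounded search over events on a busy deployment is slow and will often time out in the Ariel search UI.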