Exam4Training

Offense chaining is based on which field that is specified in the rule?

A. Rule action field
B. Offense response field
C. Rule response field
D. Offense index field

Answer: D

Explanation:

Offense chaining in IBM Security QRadar SIEM V7.5 is based on the offense index field specified in the rule. This means that if a rule is configured to use a specific field, such as the source IP address, as the offense index field, there will only be one offense for that specific source IP address while the offense is active. This mechanism is crucial for tracking and managing offenses efficiently within the system.
