Which type of rule should you use to test events or flows for activities that are greater than or less than a specified range?
A. Behavioral rules
B. Anomaly rules
C. Custom rules
D. Threshold rules
Answer: D
Explanation:
Threshold rules in QRadar are designed to test events or flows for activities that are greater than or less than a specified range. These rules are particularly useful for detecting significant changes such as bandwidth usage variations, failed services, changes in the number of connected users, and large outbound data transfers. By setting acceptable limits within threshold rules, administrators can effectively monitor for and respond to abnormal activities within the network.