IBM Security QRadar SIEM V7.4.3 Administration — Question 13
What is an approach to tuning a “noisy” rule, that is, a rule that generates too many offenses?
Answer options
- A. Determine whether the rule matches too many conditions in the traffic.
- B. In the offense output, scroll down and review the “Excessive” flags.
- C. Confirm that the rule is enabled.
- D. Use the QRadar Pulse app to map noisy offense output.
Correct answer: A
Explanation
The correct answer, A, focuses on evaluating the conditions that the rule is set to match, which can help reduce the number of offenses the rule generates. Options B and D are about reviewing output or using tools rather than tuning the rule, and option C only checks whether the rule is enabled, which does not address tuning the rule itself.