IBM Security QRadar SIEM V7.4.3 Administration — Question 35
Which log source should be used to filter QRadar audit events?
Answer options
- A. Health Metrics-2
- B. SIM Audit-2
- C. Audit-log
- D. SIM-Audit-log
Correct answer: B
Explanation
The correct answer is B, SIM Audit-2: it specifically collects and organizes audit events from QRadar, which makes it suitable for filtering those events. The other options do not focus on the audit logs. A is unrelated metrics, C lacks specificity to QRadar, and D represents a different format of logging that is not the primary source for audit events.