IBM QRadar SIEM V7.5 Administration — Question 6

To detect outliers, which Anomaly Detection Engine rule tests events or flows for volume changes that occur in regular patterns?

Answer options

Correct answer: D

Explanation

The correct answer is D, Behavioral rules, because they analyze patterns and behaviors over time to identify deviations that indicate outliers. Threshold rules (A) set fixed limits and do not adapt to changing patterns, while Anomaly rules (B) focus on detecting unusual events without considering regular patterns. Building block rules (C) serve as components for more complex rule sets rather than directly detecting outliers based on volume changes.