What right-click menu option can an analyst use to find information about an IP or URL?
A QRadar analyst would like to search for events that have fully matched rules which triggered offenses.
What parameter and value should the analyst add as filter in the event search?
What is the name of the data collection set used in QRadar that can be populated with IOCs or other external data?
What does this example of a YARA rule represent?
rule ibm_forensics : qradar
{
    meta:
        description = "Complex Yara rule."
    strings:
        $hex1 = { 4D 2B 68 00 ?? 14 99 F9 B? 00 30 C1 8D }
        $str1 = "IBM Security!"
    condition:
        $hex1 and (#str1 > 3)
}
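To make the rule's condition concrete, here is an added Python example (not part of the original question set, and not QRadar's or the yara project's code) that re-implements just the two operators the rule uses: the 13-byte hex pattern `$hex1`, whose `??` token matches any byte and whose `B?` token matches any byte with high nibble B, must occur at least once, and the occurrence count `#str1` of "IBM Security!" must be greater than three. The sample buffers are constructed for the illustration; in practice you would run the rule itself with `yara` or `yara-python`.

```python
"""Pure-Python evaluation of the condition in the ibm_forensics YARA rule.

Added illustration, not QRadar's or the yara project's code: it re-implements
only the two operators the rule uses ($hex1 presence and the #str1 occurrence
count) so the example runs without yara-python installed.
"""
import re

# Patterns taken from the rule in the question.
HEX1_PATTERN = "4D 2B 68 00 ?? 14 99 F9 B? 00 30 C1 8D"
STR1_PATTERN = b"IBM Security!"
STR1_MIN_COUNT = 3  # the condition is (#str1 > 3)


def _byte_regex(value: int) -> bytes:
    """Regex escape for one literal byte, e.g. 0x4D -> b'\\x4d'."""
    return b"\\x%02x" % value


def hex_pattern_to_regex(pattern: str) -> bytes:
    """Translate a YARA hex string into an equivalent bytes regex.

    Supports the wildcard forms seen in the rule: '??' (any byte) and a single
    wildcard nibble such as 'B?' or '?B'. Jumps like [2-4] are not handled,
    since the rule does not use them.
    """
    parts = []
    for token in pattern.split():
        if len(token) != 2:
            raise ValueError(f"unsupported hex token: {token!r}")
        hi, lo = token
        if hi == "?" and lo == "?":
            parts.append(b".")
        elif hi == "?":  # low nibble fixed, high nibble free: 16 candidate bytes
            parts.append(b"[" + b"".join(_byte_regex((n << 4) | int(lo, 16)) for n in range(16)) + b"]")
        elif lo == "?":  # high nibble fixed, low nibble free: 16 candidate bytes
            parts.append(b"[" + b"".join(_byte_regex((int(hi, 16) << 4) | n) for n in range(16)) + b"]")
        else:
            parts.append(_byte_regex(int(token, 16)))
    return b"".join(parts)


def evaluate_rule(data: bytes) -> dict:
    """Return the $hex1 offsets, the #str1 count and the overall verdict for data."""
    hex1 = re.compile(hex_pattern_to_regex(HEX1_PATTERN), re.DOTALL)  # '.' must match 0x0A as well
    hex1_offsets = [m.start() for m in hex1.finditer(data)]
    # #str1 is the number of occurrences; "IBM Security!" cannot overlap itself,
    # so the non-overlapping bytes.count() gives the same figure YARA would report.
    str1_count = data.count(STR1_PATTERN)
    matched = bool(hex1_offsets) and str1_count > STR1_MIN_COUNT
    return {"hex1_offsets": hex1_offsets, "str1_count": str1_count, "match": matched}


# Constructed sample buffers (not real samples); 0xAB and 0xB7 sit in the
# '??' and 'B?' wildcard positions of $hex1.
HEX1_INSTANCE = bytes.fromhex("4D2B6800AB1499F9B70030C18D")
SAMPLE_MATCH = b"\x00" * 8 + HEX1_INSTANCE + b"..." + STR1_PATTERN * 4
SAMPLE_TOO_FEW_STRINGS = HEX1_INSTANCE + STR1_PATTERN * 3  # #str1 == 3, not > 3
SAMPLE_NO_HEX = bytes.fromhex("4D2B6800AB1499F9A70030C18D") + STR1_PATTERN * 5  # 0xA7 fails 'B?'

if __name__ == "__main__":
    for name, buf in [("match", SAMPLE_MATCH),
                      ("too_few_strings", SAMPLE_TOO_FEW_STRINGS),
                      ("no_hex", SAMPLE_NO_HEX)]:
        print(name, evaluate_rule(buf))
```

The third buffer shows why the nibble wildcard matters: byte 0xA7 differs from 0xB7 only in the high nibble, and `B?` rejects it, so the rule does not fire even though "IBM Security!" appears five times.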