Question & Answer
Question
When defining a match count condition that triggers based on multiple defined rules, what is the logical operation associated with the comma?
Answer
In this case, the comma acts as an OR logical operator. For the rule to trigger, the events must match Rule 1 OR Rule 2 at least once in a two-minute interval.
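The following is an added illustration, not IBM or QRadar code: a small sliding-window model of the match count condition that contrasts the OR reading described in the answer with an AND misreading. The function name, the event data, and the treatment of counts above one (matches on any listed rule are pooled) are assumptions of this model; the answer only states the at-least-once case.

```python
from collections import deque

# Constructed sample events: (seconds since start, rules the event matched).
# "Rule 1" and "Rule 2" are the names used in the answer; the data is made up.
EVENTS = [
    (0,   {"Rule 1"}),
    (200, {"Rule 2"}),
    (230, {"Rule 1"}),
    (900, set()),          # matches neither rule
]

def firing_times(events, rules, min_count=1, window_s=120, comma="or"):
    """Return the timestamps at which the match count condition is satisfied.

    comma="or":  an event counts if it matched ANY listed rule
                 (the behaviour the answer describes).
    comma="and": EVERY listed rule must reach min_count inside the window
                 (the misreading, modelled here only for contrast).
    """
    wanted = set(rules)
    window = deque()       # events still inside the sliding window
    fired = []
    for ts, matched in sorted(events, key=lambda e: e[0]):
        window.append((ts, matched))
        # Drop events older than the interval (two minutes by default).
        while ts - window[0][0] > window_s:
            window.popleft()
        if comma == "or":
            # Assumption: matches on any listed rule are pooled into one count.
            ok = sum(1 for _, m in window if m & wanted) >= min_count
        else:
            ok = all(
                sum(1 for _, m in window if r in m) >= min_count
                for r in wanted
            )
        if ok:
            fired.append(ts)
    return fired

if __name__ == "__main__":
    rules = ["Rule 1", "Rule 2"]
    print("OR :", firing_times(EVENTS, rules, comma="or"))
    print("AND:", firing_times(EVENTS, rules, comma="and"))
```

With the OR reading, a single event matching only Rule 1 is enough to satisfy the condition, so a rule written with the AND reading in mind triggers more often than its author expects.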
Document Information
Modified date:
01 May 2024
UID
ibm17127553