Question & Answer
Question
When I generate Offenses using a Historical Correlation profile, why don't I get the Offense names I expect?
Answer
Offenses generated during a Historical Correlation run are named with the low-level category of the first triggering event.
When events match a Rule during a Historical Correlation run, the only action taken by the system will be to generate an Offense if the Rule is configured to do so. All additional actions and responses will be ignored, including the generation of Custom Rule Engine events configured to contribute to Offense naming.
When events match a Rule during a Historical Correlation run, the only action taken by the system will be to generate an Offense if the Rule is configured to do so. All additional actions and responses will be ignored, including the generation of Custom Rule Engine events configured to contribute to Offense naming.
Related Information
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000bpR7AAI","label":"QRadar->Log Activity->Historical Correlation"},{"code":"a8m0z000000GngJAAS","label":"QRadar->Network Activity->Historical Correlation"},{"code":"a8m0z000000GnggAAC","label":"QRadar->Networking->Offense Management"}],"ARM Case Number":"TS003706059","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
26 June 2020
UID
ibm16238972