Posted by: Pdfprep
Post Date: January 7, 2021
What is indicated by an event on an existing log in QRadar that has a Low Level Category of “Unknown”?
A . That event could not be parsed
B . That event arrived out of order from the original device
C . That event was from a device that is not supported by QRadar
D . That the event was parsed, but not mapped to an existing QRadar category
Answer: D
Explanation:
Reference:
https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.dsm.doc/c_DSM_guide_UniversalLEEF_eventmap.html#c_dsm_guide_universalleef_eventmap
Leave a Reply