Your QRadar SIEM creates the offense Clear Text Application Usage. You investigate the offense and find out that FTP traffic of a legacy application triggered the offense. This legacy application has management approval to use the unencrypted FTP protocol.
How do you prevent QRadar SIEM from creating an offense every time the legacy application uses FTP?
A. When closing the offense, select the option Never create an offense with these parameters again.
B. Ask a QRadar SIEM administrator to disable the flow source collecting the flows that triggered the offense.
C. Create a false positive to ignore all flows with DataTransfer.FTP with the Source IP address of the legacy application.
D. Create a new search that filters out all events from the legacy application, and configure this new search as the new default for the Network Activity tab.
The correct answer is C.
IBM Certified Deployment Professional – Security QRadar SIEM V7.2.4
Related Certification Courses
IBM Security QRadar SIEM Foundations
IBM Security QRadar SIEM 7.2 Administration and Configuration